Windows Analysis Report
0jNz7djbpp.exe

Overview

General Information

Sample name: 0jNz7djbpp.exe (renamed because original name is a hash value)
Original sample name: 151e75f3ed3003b63ecbee13741e788b519db99c5253f32a041f501f28688111.exe
Analysis ID: 1571345
MD5: 2bfda47c91a80443539fb763dc2b6027
SHA1: 4ab34c3028dea6c636ed7ae2f94ec55cd8a78d55
SHA256: 151e75f3ed3003b63ecbee13741e788b519db99c5253f32a041f501f28688111
Tags: busquedasxurl-com, exe, user-JAMESWT_MHT

Detection

Python Stealer
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found pyInstaller with non standard icon
Yara detected Generic Python Stealer
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 0jNz7djbpp.exe (PID: 2352 cmdline: "C:\Users\user\Desktop\0jNz7djbpp.exe" MD5: 2BFDA47C91A80443539FB763DC2B6027)
    • 0jNz7djbpp.exe (PID: 3128 cmdline: "C:\Users\user\Desktop\0jNz7djbpp.exe" MD5: 2BFDA47C91A80443539FB763DC2B6027)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: 0jNz7djbpp.exe PID: 3128 | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: 0jNz7djbpp.exe, Avira: detected
    Source: 0jNz7djbpp.exe, ReversingLabs: Detection: 15%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 92.4% probability
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2365 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B2365
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A821A930 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8A821A930
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B17F8 EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key_ex,EVP_DigestSignInit_ex,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B17F8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1A05 ERR_new,ERR_set_debug,ERR_set_error,ASN1_item_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,_time64,X509_free,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ASN1_item_free,2_2_00007FF8A81B1A05
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1811 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FF8A81B1811
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81CE948 CRYPTO_free,2_2_00007FF8A81CE948
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C4980 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_snprintf,2_2_00007FF8A81C4980
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C6990 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_fetch,EVP_CIPHER_get_flags,2_2_00007FF8A81C6990
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1A32 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,2_2_00007FF8A81B1A32
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B117C _time64,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FF8A81B117C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B20E0 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B20E0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B110E EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,2_2_00007FF8A81B110E
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F8A90 CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FF8A81F8A90
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B213F EVP_CIPHER_get_mode,EVP_CIPHER_get_mode,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FF8A81B213F
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B4B10 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B4B10
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81CCB40 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,EVP_MD_get0_provider,EVP_MD_free,EVP_MD_get0_provider,EVP_MD_free,EVP_CIPHER_get0_provider,EVP_CIPHER_free,EVP_MD_get0_provider,EVP_MD_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81CCB40
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81DEB40 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,ERR_new,ERR_set_debug,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,memcpy,2_2_00007FF8A81DEB40
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2464 CRYPTO_memcmp,ERR_new,ERR_set_debug,memchr,ERR_new,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B2464
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B4BD0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B4BD0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1F87 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FF8A81B1F87
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81E4C28 EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FF8A81E4C28
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81CEC00 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,2_2_00007FF8A81CEC00
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F2C10 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FF8A81F2C10
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B11A9 EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FF8A81B11A9
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8206C40 CRYPTO_realloc,2_2_00007FF8A8206C40
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2112 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,2_2_00007FF8A81B2112
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A821ACD0 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A821ACD0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8210D30 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A8210D30
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81DCD30 CRYPTO_THREAD_write_lock,OPENSSL_sk_new_null,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,2_2_00007FF8A81DCD30
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B21E4 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FF8A81B21E4
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D8D10 CRYPTO_free,EVP_PKEY_free,CRYPTO_free,2_2_00007FF8A81D8D10
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1A23 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FF8A81B1A23
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81E8D90 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81E8D90
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81BCDC0 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free,2_2_00007FF8A81BCDC0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1E65 ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FF8A81B1E65
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B195B CRYPTO_zalloc,EVP_MAC_free,EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FF8A81B195B
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8206E70 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A8206E70
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B105F ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FF8A81B105F
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8200E50 CRYPTO_memcmp,2_2_00007FF8A8200E50
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1677 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FF8A81B1677
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2374 CRYPTO_free,2_2_00007FF8A81B2374
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8212F60 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,2_2_00007FF8A8212F60
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B4FA0 CRYPTO_free,2_2_00007FF8A81B4FA0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1393 OSSL_PROVIDER_do_all,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,2_2_00007FF8A81B1393
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1B90 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8A81B1B90
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81BF060 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A81BF060
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2121 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memcmp,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B2121
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1262 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,2_2_00007FF8A81B1262
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81DD0C0 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,2_2_00007FF8A81DD0C0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A82010C0 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A82010C0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A821B0D0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A821B0D0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1140 CRYPTO_free,2_2_00007FF8A81B1140
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8214110 ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,2_2_00007FF8A8214110
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C21F0 CRYPTO_THREAD_run_once,2_2_00007FF8A81C21F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D21C0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data,2_2_00007FF8A81D21C0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81CE227 CRYPTO_THREAD_write_lock,2_2_00007FF8A81CE227
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1389 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B1389
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F4230 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FF8A81F4230
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F2230 ERR_new,ERR_set_debug,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,BN_clear_free,2_2_00007FF8A81F2230
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81FE200 CRYPTO_free,2_2_00007FF8A81FE200
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81FE260 CRYPTO_free,2_2_00007FF8A81FE260
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1401 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B1401
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B198D CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A81B198D
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1B54 memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8A81B1B54
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A82222F0 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A82222F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2180 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FF8A81B2180
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A822A2C0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_set_rsa_padding,OSSL_PARAM_construct_uint,OSSL_PARAM_construct_end,EVP_PKEY_CTX_set_params,EVP_PKEY_decrypt,OPENSSL_cleanse,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_CTX_free,2_2_00007FF8A822A2C0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B23D8 EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FF8A81B23D8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B4300 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B4300
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8208350 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8A8208350
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C43A0 OPENSSL_sk_num,X509_STORE_CTX_new_ex,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OPENSSL_sk_pop_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,2_2_00007FF8A81C43A0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B25EF CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_clear_free,2_2_00007FF8A81B25EF
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D0380 X509_VERIFY_PARAM_free,CRYPTO_free_ex_data,BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FF8A81D0380
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B139D memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,2_2_00007FF8A81B139D
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1A0F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_CIPHER_get_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,CRYPTO_memcmp,ERR_set_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_pop_to_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,strncmp,strncmp,strncmp,strncmp,strncmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A81B1A0F
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B18B6 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B18B6
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B84B0 CRYPTO_zalloc,CRYPTO_free,2_2_00007FF8A81B84B0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1F23 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A81B1F23
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1492 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B1492
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8222510 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8A8222510
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1488 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B1488
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81FE540 CRYPTO_free,2_2_00007FF8A81FE540
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8214540 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A8214540
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81FE5A0 CRYPTO_free,2_2_00007FF8A81FE5A0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81DE5E0 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FF8A81DE5E0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F25D0 SRP_Calc_u_ex,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,BN_clear_free,BN_clear_free,2_2_00007FF8A81F25D0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F8620 CRYPTO_free,2_2_00007FF8A81F8620
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1212 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8A81B1212
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B114F CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FF8A81B114F
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81CA600 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,2_2_00007FF8A81CA600
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B120D EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,2_2_00007FF8A81B120D
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B241E CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B241E
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A82166E0 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8A82166E0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A82226E0 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,2_2_00007FF8A82226E0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B26AD ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A81B26AD
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F86D0 OPENSSL_cleanse,CRYPTO_free,2_2_00007FF8A81F86D0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B14CE CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A81B14CE
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B17E9 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A81B17E9
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1CA3 CRYPTO_strdup,CRYPTO_free,2_2_00007FF8A81B1CA3
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8210700 ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FF8A8210700
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A822A770 BN_bin2bn,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A822A770
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D6758 CRYPTO_malloc,ERR_new,ERR_set_debug,CRYPTO_clear_free,OPENSSL_LH_num_items,OPENSSL_LH_num_items,ERR_peek_error,X509_STORE_add_lookup,2_2_00007FF8A81D6758
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B22D4 CRYPTO_malloc,CONF_parse_list,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B22D4
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1771 CRYPTO_free,2_2_00007FF8A81B1771
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C4790 CRYPTO_get_ex_new_index,2_2_00007FF8A81C4790
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C47F0 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81C47F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B17DF ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B17DF
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8224809 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A8224809
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B136B ERR_new,ERR_set_debug,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,ERR_new,ERR_set_debug,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B136B
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F8810 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FF8A81F8810
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1181 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B1181
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B13DE EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B13DE
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2577 ERR_new,ERR_set_debug,CRYPTO_free,BIO_clear_flags,BIO_set_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_cleanse,2_2_00007FF8A81B2577
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1A41 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B1A41
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1D84 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A81B1D84
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C7980 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,strncmp,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free,2_2_00007FF8A81C7980
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B107D CRYPTO_free,2_2_00007FF8A81B107D
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D59F0 CRYPTO_free,CRYPTO_free,2_2_00007FF8A81D59F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B204A CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A81B204A
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B271B CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A81B271B
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C5A10 OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FF8A81C5A10
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1A16 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A81B1A16
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D6758 CRYPTO_malloc,ERR_new,ERR_set_debug,CRYPTO_clear_free,OPENSSL_LH_num_items,OPENSSL_LH_num_items,ERR_peek_error,X509_STORE_add_lookup,2_2_00007FF8A81D6758
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8207A40 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A8207A40
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1C53 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FF8A81B1C53
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D5AE0 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81D5AE0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81FDAF0 CRYPTO_free,2_2_00007FF8A81FDAF0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B13D9 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,2_2_00007FF8A81B13D9
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B23EC CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B23EC
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C3B30 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8A81C3B30
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8215B10 EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8A8215B10
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C5B10 COMP_zlib,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FF8A81C5B10
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81FDB60 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81FDB60
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A821BB70 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A821BB70
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B267B CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A81B267B
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B23E7 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A81B23E7
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B222A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FF8A81B222A
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,2_2_00007FF8A81B1361
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,2_2_00007FF8A81B1CEE
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B150F OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,2_2_00007FF8A81B150F
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B5C53 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_set_data,BIO_clear_flags,2_2_00007FF8A81B5C53
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D5CF0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81D5CF0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1F37 CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FF8A81B1F37
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B19DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A81B19DD
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8207CD0 CRYPTO_memcmp,2_2_00007FF8A8207CD0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8213D30 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FF8A8213D30
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B1CBC
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1F50 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A81B1F50
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B15E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B15E6
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C5D80 CRYPTO_THREAD_run_once,2_2_00007FF8A81C5D80
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1CE9 memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B1CE9
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D1E60 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,2_2_00007FF8A81D1E60
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B16A4 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B16A4
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B3EB0 CRYPTO_free,2_2_00007FF8A81B3EB0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B5E80 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,2_2_00007FF8A81B5E80
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B24E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A81B24E6
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81BDEC0 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81BDEC0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81CBEC0 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A81CBEC0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B236F CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B236F
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8229F10 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A8229F10
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8221F70 CRYPTO_memcmp,2_2_00007FF8A8221F70
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1EDD CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,EVP_MD_get0_name,EVP_MD_is_a,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A81B1EDD
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1AC3 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A81B1AC3
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2027 CRYPTO_free,2_2_00007FF8A81B2027
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81BDFB2 ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,2_2_00007FF8A81BDFB2
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1D8E EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_MAC_init,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FF8A81B1D8E
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B103C CRYPTO_malloc,COMP_expand_block,2_2_00007FF8A81B103C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81E4000 CRYPTO_realloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81E4000
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81FE040 CRYPTO_free,2_2_00007FF8A81FE040
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1893 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,2_2_00007FF8A81B1893
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A82080A0 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A82080A0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1AB4 CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8A81B1AB4
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B24C8 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,2_2_00007FF8A81B24C8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B26DF BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,2_2_00007FF8A81B26DF
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81FE0C1 CRYPTO_free,CRYPTO_free,2_2_00007FF8A81FE0C1
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8211126 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8A8211126
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A821D170 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,2_2_00007FF8A821D170
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81BD140 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81BD140
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B111D CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,2_2_00007FF8A81B111D
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B20EF CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B20EF
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81BB200 CRYPTO_clear_free,2_2_00007FF8A81BB200
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1483 CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B1483
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8213210 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,2_2_00007FF8A8213210
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B155A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FF8A81B155A
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F52A0 CRYPTO_free,2_2_00007FF8A81F52A0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B230B ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,2_2_00007FF8A81B230B
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81BD2E1 CRYPTO_free,2_2_00007FF8A81BD2E1
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A82012E0 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,2_2_00007FF8A82012E0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1997 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,2_2_00007FF8A81B1997
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81FD2F0 RAND_bytes_ex,CRYPTO_malloc,memset,2_2_00007FF8A81FD2F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B144C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,2_2_00007FF8A81B144C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1ED8 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B1ED8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1992 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new_ex,OPENSSL_sk_num,X509_VERIFY_PARAM_new,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,2_2_00007FF8A81B1992
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B11BD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B11BD
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F9370 ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8A81F9370
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1ACD ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B1ACD
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8213420 ERR_new,ERR_set_debug,X509_get0_pubkey,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,EVP_PKEY_encrypt_init,RAND_bytes_ex,EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,2_2_00007FF8A8213420
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B193D CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81B193D
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81B1023
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81E3460 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81E3460
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81FF490 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81FF490
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C14E0 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8A81C14E0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B12CB CRYPTO_THREAD_run_once,2_2_00007FF8A81B12CB
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81BF540 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,2_2_00007FF8A81BF540
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8225540 CRYPTO_memcmp,2_2_00007FF8A8225540
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81F35E0 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,2_2_00007FF8A81F35E0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A820F660 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8A820F660
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1646 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,2_2_00007FF8A81B1646
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2522 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B2522
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B176C CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,2_2_00007FF8A81B176C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B25D6 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FF8A81B25D6
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C7730 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8A81C7730
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,2_2_00007FF8A81B1087
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B108C ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8A81B108C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8207770 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A8207770
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81DD750 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FF8A81DD750
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81C97B0 CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A81C97B0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8229790 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,2_2_00007FF8A8229790
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1582 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FF8A81B1582
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81BF7F0 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,2_2_00007FF8A81BF7F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B11DB EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FF8A81B11DB
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B19E7 CRYPTO_free,2_2_00007FF8A81B19E7
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B162C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,2_2_00007FF8A81B162C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8227820 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_new,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A8227820
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D5870 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A81D5870
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B586A BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,2_2_00007FF8A81B586A
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1846 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,OPENSSL_sk_num,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,2_2_00007FF8A81B1846
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8219850 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A8219850
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A82138A0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,2_2_00007FF8A82138A0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1B31 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A81B1B31
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A820F8F0 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8A820F8F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2590 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8A81B2590
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B1B18 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,2_2_00007FF8A81B1B18
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78318E0 _Py_NoneStruct,_PyArg_UnpackKeywords,PyObject_GetBuffer,PyBuffer_IsContiguous,PyObject_GetBuffer,PyBuffer_IsContiguous,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,EVP_PBE_scrypt,PyBytes_FromStringAndSize,PyEval_SaveThread,EVP_PBE_scrypt,PyEval_RestoreThread,PyExc_ValueError,PyErr_SetString,PyBuffer_Release,PyBuffer_Release,PyLong_AsLong,PyErr_Occurred,PyLong_AsLong,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_Format,_PyArg_BadArgument,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_OverflowError,PyExc_OverflowError,_Py_Dealloc,PyExc_ValueError,2_2_00007FF8B78318E0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B7836244 CRYPTO_memcmp,2_2_00007FF8B7836244
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78A51D4 ASN1_STRING_type,ASN1_STRING_length,ASN1_STRING_get0_data,_Py_BuildValue_SizeT,ASN1_STRING_to_UTF8,_Py_Dealloc,_Py_BuildValue_SizeT,CRYPTO_free,2_2_00007FF8B78A51D4
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78A4F20 i2d_X509,PyBytes_FromStringAndSize,CRYPTO_free,2_2_00007FF8B78A4F20
    Source: 0jNz7djbpp.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060431720.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060764174.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32pdh.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2094058307.0000016995639000.00000004.00000020.00020000.00000000.sdmp, win32pdh.pyd.0.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058050234.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
    Source: Binary string: ucrtbase.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3307512900.00007FF8A8EF5000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058852349.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2057146485.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059606121.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060288421.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060835092.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: 0jNz7djbpp.exe, 00000002.00000002.3305271995.00007FF8A8629000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: 0jNz7djbpp.exe, 00000000.00000003.2054452813.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055712432.0000016995637000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058345809.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059754039.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2054608408.0000016995635000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059465815.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059977079.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3309566919.00007FF8B93D1000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055478715.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3307882428.00007FF8B7837000.00000002.00000001.01000000.00000017.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2057763987.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059081583.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2056926291.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2054723185.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3308274889.00007FF8B7DE8000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2057884647.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059900462.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3308514897.00007FF8B7E52000.00000002.00000001.01000000.0000000D.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055588390.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3308790009.00007FF8B8B3C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2054842744.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3309413093.00007FF8B8F8D000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059234758.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
    Source: Binary string: ucrtbase.pdbUGP source: 0jNz7djbpp.exe, 00000002.00000002.3307512900.00007FF8A8EF5000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055969540.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3308615266.00007FF8B8B09000.00000002.00000001.01000000.0000000E.sdmp, _socket.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: 0jNz7djbpp.exe, 00000000.00000003.2054608408.0000016995635000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060982878.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3306195847.00007FF8A8B84000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058243770.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2093052319.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3303682517.00007FF8A819F000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: 0jNz7djbpp.exe, 00000002.00000002.3305271995.00007FF8A86C1000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: 0jNz7djbpp.exe, 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059538255.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059009558.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055790293.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3309185509.00007FF8B8CB6000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2057015645.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059828437.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2054452813.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058767806.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060508345.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3305271995.00007FF8A86C1000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059156566.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2091445307.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3309819998.00007FF8B9843000.00000002.00000001.01000000.0000000F.sdmp, select.pyd.0.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058940627.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2061053867.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059309779.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059678451.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059397415.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058149992.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: 0jNz7djbpp.exe, 00000000.00000003.2055588390.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3308790009.00007FF8B8B3C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060691291.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058669882.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055891789.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3309322062.00007FF8B8F73000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2056591163.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3310216576.00007FF8BA4F4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058433547.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: 0jNz7djbpp.exe, 00000000.00000003.2056591163.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3310216576.00007FF8BA4F4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2089260469.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299367779.0000014DF3BC0000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060362049.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060910371.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3308015574.00007FF8B78AD000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 0_2_00007FF73EC97E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF73EC97E4C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 0_2_00007FF73EC888D0 FindFirstFileExW,FindClose,0_2_00007FF73EC888D0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 0_2_00007FF73ECA1EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF73ECA1EE4
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8A8EB304C FindFirstFileExW,FindNextFileW,FindClose,2_2_00007FF8A8EB304C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8A8EB3290 FindFirstFileExW,FindNextFileW,FindClose,2_2_00007FF8A8EB3290
    Source: Joe Sandbox View IP Address: 34.224.200.202 34.224.200.202
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8B06594 memset,recvfrom,2_2_00007FF8B8B06594
    Source: global traffic DNS traffic detected: DNS query: httpbin.org
    Source: 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F2F000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3302300225.0000014DF57C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300788421.0000014DF4A60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://aka.ms/vcpython27
    Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://arxiv.org/abs/1805.10941.
    Source: 0jNz7djbpp.exe, 00000000.00000003.2091693863.0000016995639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRoot
    Source: 0jNz7djbpp.exe, 00000000.00000003.2055790293.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089260469.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2068680599.0000016995638000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055712432.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2056591163.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055969540.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055891789.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055478715.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2054842744.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2091445307.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2054723185.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055141102.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055310924.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2056077450.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089115661.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2093052319.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055588390.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2065348950.0000016995638000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2056217226.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 
0jNz7djbpp.exe, 00000000.00000003.2089931774.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2068451720.0000016995638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: 0jNz7djbpp.exe, 00000000.00000003.2055790293.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089260469.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2068680599.0000016995638000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055712432.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2056591163.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055969540.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055891789.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055478715.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2054842744.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2091445307.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2054723185.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055141102.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055310924.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2056077450.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2091693863.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089115661.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2093052319.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055588390.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2065348950.0000016995638000.00000004.00000020.00020000.00000000.sdmp, 
0jNz7djbpp.exe, 00000000.00000003.2056217226.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089931774.0000016995639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: 0jNz7djbpp.exe, 00000000.00000003.2055790293.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089260469.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2068680599.0000016995638000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055712432.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2056591163.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055969540.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055891789.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055478715.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2054842744.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2091445307.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2054723185.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055141102.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055310924.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2056077450.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2091693863.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089115661.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2093052319.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055588390.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2065348950.0000016995638000.00000004.00000020.00020000.00000000.sdmp, 
0jNz7djbpp.exe, 00000000.00000003.2056217226.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089931774.0000016995639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: 0jNz7djbpp.exe, 00000000.00000003.2055790293.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089260469.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2068680599.0000016995638000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055712432.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2056591163.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055969540.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055891789.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055478715.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2054842744.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2091445307.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2054723185.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055141102.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055310924.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2056077450.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2091693863.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089115661.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2093052319.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2055588390.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2065348950.0000016995638000.00000004.00000020.00020000.00000000.sdmp, 
0jNz7djbpp.exe, 00000000.00000003.2056217226.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2089931774.0000016995639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF421C000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2107676215.0000014DF421F000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299717589.0000014DF4061000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF4102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2106229554.0000014DF4128000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111154878.0000014DF3E72000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2106229554.0000014DF40D9000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2107852422.0000014DF3E9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577916/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4D43000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4D43000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF4102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF4102000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
    Source: 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4D43000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
    Source: 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlU
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
    Source: 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crllication
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
    Source: 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
    Source: 0jNz7djbpp.exe, 00000000.00000002.3298672667.0000016995646000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2093637975.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2091233599.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2094058307.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2093766483.0000016995639000.00000004.00000020.00020000.00000000.sdmp, win32api.pyd.0.dr, pywintypes312.dll.0.dr, win32pdh.pyd.0.drString found in binary or memory: https://github.com/mhammond/pywin32
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300195894.0000014DF4530000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
    Source: 0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
    Source: 0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
    Source: 0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
    Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
    Source: 0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300531836.0000014DF4860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300531836.0000014DF4860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300392415.0000014DF4760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
    Source: 0jNz7djbpp.exe, 00000002.00000002.3298992829.0000014DF37FC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
    Source: 0jNz7djbpp.exe, 00000002.00000002.3298673525.0000014DF1E0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299099681.0000014DF3880000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3298673525.0000014DF1E0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
    Source: 0jNz7djbpp.exe, 00000002.00000003.2103942033.0000014DF3E59000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2103812799.0000014DF4050000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299099681.0000014DF38D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300531836.0000014DF4860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300531836.0000014DF4860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/3960
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299099681.0000014DF3880000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3298673525.0000014DF1E0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
    Source: 0jNz7djbpp.exe, 00000002.00000002.3302190026.0000014DF56C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
    Source: 0jNz7djbpp.exe, 00000002.00000003.2111080086.0000014DF438F000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111011723.0000014DF4389000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300058980.0000014DF4368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
    Source: 0jNz7djbpp.exe, 00000002.00000002.3302117477.0000014DF55C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299099681.0000014DF3880000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2110910270.0000014DF428A000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF427C000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF40E8000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111154878.0000014DF3D48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
    Source: 0jNz7djbpp.exe, 00000002.00000003.2110910270.0000014DF428A000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF427C000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF40E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300058980.0000014DF4368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111154878.0000014DF3D9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
    Source: 0jNz7djbpp.exe, 00000002.00000003.2111154878.0000014DF3D48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3302300225.0000014DF57C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
    Source: 0jNz7djbpp.exe, 00000002.00000002.3302461903.0000014DF59B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300392415.0000014DF4760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip0
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF4102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
    Source: 0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300195894.0000014DF4530000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
    Source: 0jNz7djbpp.exe, 00000002.00000002.3302461903.0000014DF59B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/json
    Source: 0jNz7djbpp.exe, 00000002.00000003.2111154878.0000014DF3D9A000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2110910270.0000014DF428A000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF427C000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF4102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
    Source: 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4D43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
    Source: 0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
    Source: _sfc64.cp312-win_amd64.pyd.0.drString found in binary or memory: https://numpy.org/devdocs/user/troubleshooting-importerror.html#c-api-incompatibility
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300651931.0000014DF4960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300651931.0000014DF4960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF421C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300531836.0000014DF4860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300291942.0000014DF4650000.00000004.00001000.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300392415.0000014DF4760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
    Source: 0jNz7djbpp.exe, 00000002.00000003.2104650574.0000014DF3E39000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300112896.0000014DF4410000.00000004.00001000.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2104160922.0000014DF3E39000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2104160922.0000014DF3D32000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2097764926.0000014DF394F000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2098074179.0000014DF394F000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3306195847.00007FF8A8B84000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300788421.0000014DF4A60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
    Source: _multiarray_umath.cp312-win_amd64.pyd.0.drString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_67.htm
    Source: _multiarray_umath.cp312-win_amd64.pyd.0.drString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_69.htm
    Source: _multiarray_umath.cp312-win_amd64.pyd.0.drString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_79.htm
    Source: _multiarray_umath.cp312-win_amd64.pyd.0.drString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_83.htm
    Source: _multiarray_umath.cp312-win_amd64.pyd.0.drString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_86.htm
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300651931.0000014DF4960000.00000004.00001000.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300392415.0000014DF4760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
    Source: 0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
    Source: 0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300651931.0000014DF4960000.00000004.00001000.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300291942.0000014DF4650000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
    Source: 0jNz7djbpp.exe, 00000002.00000002.3302461903.0000014DF591C000.00000004.00001000.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF4102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
    Source: 0jNz7djbpp.exe, 00000002.00000002.3302461903.0000014DF591C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.ioxep%
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300651931.0000014DF4960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
    Source: 0jNz7djbpp.exe, 00000002.00000003.2103375897.0000014DF3973000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2103172660.0000014DF3E84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
    Source: 0jNz7djbpp.exe, 00000002.00000003.2103568266.0000014DF3E84000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2103172660.0000014DF3E84000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299099681.0000014DF38D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300112896.0000014DF4410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
    Source: 0jNz7djbpp.exe, 00000002.00000003.2103519400.0000014DF3EAC000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2103172660.0000014DF3E84000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2103055909.0000014DF4011000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#
    Source: 0jNz7djbpp.exe, 00000002.00000003.2103519400.0000014DF3EAC000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2103172660.0000014DF3E84000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2103055909.0000014DF4011000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#r$Nrjr
    Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://stat.ethz.ch/~stahel/lognormal/bioscience.pdf
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF4102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111080086.0000014DF438F000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111154878.0000014DF3D9A000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111011723.0000014DF4389000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300058980.0000014DF4368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299099681.0000014DF3880000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111154878.0000014DF3D48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3300531836.0000014DF4860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3302190026.0000014DF56C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
    Source: 0jNz7djbpp.exe, 00000002.00000002.3302190026.0000014DF56C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
    Source: 0jNz7djbpp.exe, 00000002.00000003.2111125616.0000014DF4D71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsN
    Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://web.archive.org/web/20090423014010/http://www.brighton-webs.co.uk:80/distributions/wald.asp
    Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://web.archive.org/web/20090514091424/http://brighton-webs.co.uk:80/distributions/rayleigh.asp
    Source: 0jNz7djbpp.exe, 00000002.00000003.2106229554.0000014DF4128000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2106229554.0000014DF40D9000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2107676215.0000014DF4128000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF4102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
    Source: 0jNz7djbpp.exe, 00000000.00000003.2062112050.000001699563B000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
    Source: 0jNz7djbpp.exe, 00000000.00000003.2062112050.000001699563B000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2062200984.0000016995646000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000000.00000003.2062112050.0000016995646000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
    Source: 0jNz7djbpp.exe, 00000000.00000003.2087865526.0000016995639000.00000004.00000020.00020000.00000000.sdmp, _pcg64.cp312-win_amd64.pyd.0.drString found in binary or memory: https://www.cs.hmc.edu/tr/hmc-cs-2014-0905.pdf
    Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://www.itl.nist.gov/div898/handbook/eda/section3/eda3663.htm
    Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://www.itl.nist.gov/div898/handbook/eda/section3/eda3666.htm
    Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdf
    Source: 0jNz7djbpp.exe, 00000000.00000003.2068680599.0000016995638000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3305794910.00007FF8A876A000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.openssl.org/H
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF4102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
    Source: 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4D43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3298992829.0000014DF3780000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
    Source: 0jNz7djbpp.exe, 00000002.00000002.3306793258.00007FF8A8CFC000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3306195847.00007FF8A8B84000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/)
    Source: 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4D43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
    Source: 0jNz7djbpp.exe, 00000002.00000003.2110910270.0000014DF428A000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF427C000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF40E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
    Source: unknown. Network traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49705
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8ED00CC2_2_00007FF8A8ED00CC
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E521D02_2_00007FF8A8E521D0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E481742_2_00007FF8A8E48174
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E432742_2_00007FF8A8E43274
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E4233C2_2_00007FF8A8E4233C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E5D4602_2_00007FF8A8E5D460
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E4F5002_2_00007FF8A8E4F500
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E6E7702_2_00007FF8A8E6E770
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E426F82_2_00007FF8A8E426F8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E4F8802_2_00007FF8A8E4F880
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B780C4802_2_00007FF8B780C480
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78109802_2_00007FF8B7810980
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78312B02_2_00007FF8B78312B0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78318E02_2_00007FF8B78318E0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78310002_2_00007FF8B7831000
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78A8CAC2_2_00007FF8B78A8CAC
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78A5AB42_2_00007FF8B78A5AB4
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78ABAE82_2_00007FF8B78ABAE8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78A52E02_2_00007FF8B78A52E0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78A85A82_2_00007FF8B78A85A8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78A99C02_2_00007FF8B78A99C0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78A9DBC2_2_00007FF8B78A9DBC
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B7E37BA02_2_00007FF8B7E37BA0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B7E37F792_2_00007FF8B7E37F79
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B012202_2_00007FF8B8B01220
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B03AD02_2_00007FF8B8B03AD0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B225202_2_00007FF8B8B22520
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B212B02_2_00007FF8B8B212B0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B26E502_2_00007FF8B8B26E50
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B22FD02_2_00007FF8B8B22FD0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B21BA02_2_00007FF8B8B21BA0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B253602_2_00007FF8B8B25360
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B2F8BC2_2_00007FF8B8B2F8BC
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B28CD02_2_00007FF8B8B28CD0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B25C902_2_00007FF8B8B25C90
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8F82F002_2_00007FF8B8F82F00
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8F861002_2_00007FF8B8F86100
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8F810002_2_00007FF8B8F81000
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8F83F102_2_00007FF8B8F83F10
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8F83C802_2_00007FF8B8F83C80
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8F8C8BC2_2_00007FF8B8F8C8BC
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B93C32802_2_00007FF8B93C3280
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B93C531C2_2_00007FF8B93C531C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B9F67CA02_2_00007FF8B9F67CA0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: String function: 00007FF8B7803880 appears 114 times
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: String function: 00007FF8A822C265 appears 48 times
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: String function: 00007FF8A822C17B appears 38 times
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: String function: 00007FF8A822C181 appears 1192 times
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: String function: 00007FF8A822C16F appears 335 times
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: String function: 00007FF8A81B1325 appears 478 times
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: String function: 00007FF8B7803800 appears 51 times
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: String function: 00007FF8A822C931 appears 39 times
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: String function: 00007FF8A822C93D appears 69 times
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: String function: 00007FF73EC82B30 appears 47 times
    Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.dr Static PE information: Number of sections : 19 > 10
    Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-private-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: python3.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: classification engine Classification label: mal76.troj.winEXE@3/102@1/1
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 0_2_00007FF73EC88560 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF73EC88560
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe File created: C:\Users\user\AppData\Local\Temp\_MEI23522
    Source: 0jNz7djbpp.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: 0jNz7djbpp.exe ReversingLabs: Detection: 15%
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe File read: C:\Users\user\Desktop\0jNz7djbpp.exe
    Source: unknown Process created: C:\Users\user\Desktop\0jNz7djbpp.exe "C:\Users\user\Desktop\0jNz7djbpp.exe"
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Process created: C:\Users\user\Desktop\0jNz7djbpp.exe "C:\Users\user\Desktop\0jNz7djbpp.exe"
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Process created: C:\Users\user\Desktop\0jNz7djbpp.exe "C:\Users\user\Desktop\0jNz7djbpp.exe"
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: vcruntime140.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: libffi-8.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: amsi.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: libcrypto-3.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: libssl-3.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: textshaping.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: textinputframework.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: coreuicomponents.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: coremessaging.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: ntmarta.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
    Source: 0jNz7djbpp.exe Static PE information: Image base 0x140000000 > 0x60000000
    Source: 0jNz7djbpp.exe Static file information: File size 31979318 > 1048576
    Source: 0jNz7djbpp.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: 0jNz7djbpp.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: 0jNz7djbpp.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: 0jNz7djbpp.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: 0jNz7djbpp.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: 0jNz7djbpp.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: 0jNz7djbpp.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: 0jNz7djbpp.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060431720.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060764174.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32pdh.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2094058307.0000016995639000.00000004.00000020.00020000.00000000.sdmp, win32pdh.pyd.0.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058050234.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
    Source: Binary string: ucrtbase.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3307512900.00007FF8A8EF5000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058852349.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2057146485.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059606121.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060288421.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060835092.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: 0jNz7djbpp.exe, 00000002.00000002.3305271995.00007FF8A8629000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: 0jNz7djbpp.exe, 00000000.00000003.2054452813.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055712432.0000016995637000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058345809.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059754039.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2054608408.0000016995635000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059465815.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059977079.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3309566919.00007FF8B93D1000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055478715.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3307882428.00007FF8B7837000.00000002.00000001.01000000.00000017.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2057763987.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059081583.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2056926291.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2054723185.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3308274889.00007FF8B7DE8000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2057884647.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059900462.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3308514897.00007FF8B7E52000.00000002.00000001.01000000.0000000D.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055588390.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3308790009.00007FF8B8B3C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2054842744.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3309413093.00007FF8B8F8D000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059234758.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
    Source: Binary string: ucrtbase.pdbUGP source: 0jNz7djbpp.exe, 00000002.00000002.3307512900.00007FF8A8EF5000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055969540.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3308615266.00007FF8B8B09000.00000002.00000001.01000000.0000000E.sdmp, _socket.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: 0jNz7djbpp.exe, 00000000.00000003.2054608408.0000016995635000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060982878.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3306195847.00007FF8A8B84000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058243770.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2093052319.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3303682517.00007FF8A819F000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: 0jNz7djbpp.exe, 00000002.00000002.3305271995.00007FF8A86C1000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: 0jNz7djbpp.exe, 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059538255.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059009558.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055790293.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3309185509.00007FF8B8CB6000.00000002.00000001.01000000.00000016.sdmp
    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2057015645.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059828437.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2054452813.0000016995635000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058767806.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060508345.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3305271995.00007FF8A86C1000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059156566.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2091445307.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3309819998.00007FF8B9843000.00000002.00000001.01000000.0000000F.sdmp, select.pyd.0.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058940627.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2061053867.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059309779.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059678451.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2059397415.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058149992.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: 0jNz7djbpp.exe, 00000000.00000003.2055588390.0000016995636000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3308790009.00007FF8B8B3C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060691291.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058669882.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2055891789.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3309322062.00007FF8B8F73000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2056591163.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3310216576.00007FF8BA4F4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2058433547.0000016995637000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: 0jNz7djbpp.exe, 00000000.00000003.2056591163.0000016995637000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3310216576.00007FF8BA4F4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2089260469.0000016995639000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299367779.0000014DF3BC0000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060362049.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 0jNz7djbpp.exe, 00000000.00000003.2060910371.0000016995637000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: 0jNz7djbpp.exe, 00000002.00000002.3308015574.00007FF8B78AD000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
    Source: 0jNz7djbpp.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: 0jNz7djbpp.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: 0jNz7djbpp.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: 0jNz7djbpp.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: 0jNz7djbpp.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: VCRUNTIME140_1.dll.0.drStatic PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]
    Source: 0jNz7djbpp.exeStatic PE information: section name: _RDATA
    Source: python312.dll.0.drStatic PE information: section name: PyRuntim
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
    Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
    Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: .xdata
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /4
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /19
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /31
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /45
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /57
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /70
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /81
    Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /92
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 0_2_00007FF73ECC5004 push rsp; retf 0_2_00007FF73ECC5005
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81D4021 push rcx; ret 2_2_00007FF8A81D4022
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E6F970 push rdi; ret 2_2_00007FF8A8E6F976
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E69D25 push rdi; ret 2_2_00007FF8A8E69D2B
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E6F25D push rdi; ret 2_2_00007FF8A8E6F264
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B2D3E8 push rbp; iretd 2_2_00007FF8B8B2D3ED

    Persistence and Installation Behavior

    Source: C:\Users\user\Desktop\0jNz7djbpp.exeProcess created: "C:\Users\user\Desktop\0jNz7djbpp.exe"
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\win32\win32pdh.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_mt19937.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\core\_multiarray_umath.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_imaging.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_sqlite3.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\libssl-3.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_imagingtk.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_pcg64.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\libcrypto-3.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\core\_multiarray_tests.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_sfc64.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-file-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_imagingmath.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_generator.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_imagingcms.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_philox.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\VCRUNTIME140.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\win32\win32crypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_overlapped.pydJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-util-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\libffi-8.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\mtrand.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\ucrtbase.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\bit_generator.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_ssl.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-processenvironment-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-rtlsupport-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-errorhandling-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-math-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\cryptography\hazmat\bindings\_rust.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-synch-l1-2-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-filesystem-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-conio-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_wmi.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-timezone-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_decimal.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-environment-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\sqlite3.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_webp.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-file-l2-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_asyncio.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_bounded_integers.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_cffi_backend.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\VCRUNTIME140_1.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-processthreads-l1-1-1.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-string-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-localization-l1-2-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-private-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\_lzma.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\pywin32_system32\pywintypes312.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_common.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\win32\win32api.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-console-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\python312.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-file-l1-2-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-sysinfo-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-time-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\python3.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-string-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-utility-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\fft\_pocketfft_internal.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-memory-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-process-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23522\charset_normalizer\md__mypyc.cp312-win_amd64.pyd

    Hooking and other Techniques for Hiding and Protection

    Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (132).png
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 0_2_00007FF73EC86EF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF73EC86EF0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_socket.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-debug-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\win32\win32pdh.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-interlocked-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_mt19937.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\core\_multiarray_umath.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_multiprocessing.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_imaging.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-namedpipe-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-datetime-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\unicodedata.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-libraryloader-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-stdio-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_bz2.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_sqlite3.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_imagingtk.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-heap-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\psutil\_psutil_windows.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-profile-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_pcg64.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_ctypes.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\charset_normalizer\md.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\core\_multiarray_tests.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\select.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-synch-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_sfc64.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-file-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-processthreads-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_imagingmath.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_generator.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_imagingcms.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-handle-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_queue.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-locale-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\pyexpat.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-heap-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-runtime-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_philox.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-convert-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\win32\win32crypt.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_hashlib.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-util-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_overlapped.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\mtrand.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_ssl.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\bit_generator.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-processenvironment-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-rtlsupport-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-math-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-errorhandling-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\cryptography\hazmat\bindings\_rust.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-filesystem-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-synch-l1-2-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-conio-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_wmi.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-timezone-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_decimal.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-environment-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_webp.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\sqlite3.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-file-l2-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_asyncio.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_bounded_integers.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_cffi_backend.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-processthreads-l1-1-1.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\VCRUNTIME140_1.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-string-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-private-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-localization-l1-2-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\_lzma.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\pywin32_system32\pywintypes312.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random\_common.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\win32\win32api.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-console-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\python312.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-file-l1-2-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-sysinfo-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-time-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\python3.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-string-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-utility-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\fft\_pocketfft_internal.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-crt-process-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\api-ms-win-core-memory-l1-1-0.dll
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23522\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-16376
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeAPI coverage: 0.9 %
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 0_2_00007FF73EC97E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF73EC97E4C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 0_2_00007FF73EC888D0 FindFirstFileExW,FindClose,0_2_00007FF73EC888D0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 0_2_00007FF73ECA1EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF73ECA1EE4
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8EB304C FindFirstFileExW,FindNextFileW,FindClose,2_2_00007FF8A8EB304C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8EB3290 FindFirstFileExW,FindNextFileW,FindClose,2_2_00007FF8A8EB3290
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B93D0150 GetSystemInfo,VirtualAlloc,2_2_00007FF8B93D0150
    Source: 0jNz7djbpp.exe, 00000000.00000003.2061558632.0000016995637000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
    Source: 0jNz7djbpp.exe, 00000002.00000002.3302461903.0000014DF597C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: hGfsocks5
    Source: 0jNz7djbpp.exe, 00000002.00000002.3299717589.0000014DF4010000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 0_2_00007FF73EC8C57C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF73EC8C57C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 0_2_00007FF73ECA3AF0 GetProcessHeap,0_2_00007FF73ECA3AF0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 0_2_00007FF73EC8C760 SetUnhandledExceptionFilter,0_2_00007FF73EC8C760
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 0_2_00007FF73EC9ABD8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF73EC9ABD8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 0_2_00007FF73EC8BCE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF73EC8BCE0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8093068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8093068
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8092AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8092AA0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A81B2126 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A81B2126
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8EB0F30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8EB0F30
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8A8E898F4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8E898F4
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78142E8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B78142E8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B7813D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B7813D20
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B7834090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B7834090
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B7834660 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B7834660
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78A26A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B78A26A0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B78A30E8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B78A30E8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B7DE1C20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B7DE1C20
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B7DE21F0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B7DE21F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B7E3FFF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B7E3FFF8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B7E3FA30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B7E3FA30
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B03398 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B8B03398
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B02DD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B8B02DD0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B33710 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B8B33710
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeCode function: 2_2_00007FF8B8B33CE0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B8B33CE0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8C11A00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B8C11A00
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8C11430 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B8C11430
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8CB19D0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B8CB19D0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8CB1FA0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B8CB1FA0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8F71AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B8F71AC0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8F714F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B8F714F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8F8AB08 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B8F8AB08
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8F8A0C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B8F8A0C0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B93C6554 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B93C6554
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B93C5FB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B93C5FB0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B9841AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8B9841AC0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B98414F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B98414F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B9F70AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8B9F70AA8
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Process created: C:\Users\user\Desktop\0jNz7djbpp.exe "C:\Users\user\Desktop\0jNz7djbpp.exe"
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 0_2_00007FF73ECA9E40 cpuid 0_2_00007FF73ECA9E40
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_00007FF8A8EAFA58
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,2_2_00007FF8A8EAD2F0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: GetPrimaryLen,EnumSystemLocalesW,2_2_00007FF8A8EAF3D4
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: EnumSystemLocalesW,2_2_00007FF8A8EAF36C
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: GetPrimaryLen,EnumSystemLocalesW,2_2_00007FF8A8EAF488
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: GetProcAddress,GetLocaleInfoW,2_2_00007FF8A8E5D5C0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_00007FF8A8EAF8D0
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\PIL VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\certifi VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\charset_normalizer VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\cryptography-41.0.7.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\core VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\numpy\random VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\win32 VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\ucrtbase.dll VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\base_library.zip VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522 VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\_ctypes.pyd VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\_bz2.pyd VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\_lzma.pyd VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\_wmi.pyd VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\pyexpat.pyd VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\_socket.pyd VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\_queue.pyd VolumeInformation
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\pywin32_system32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\_ssl.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\_asyncio.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23522\_overlapped.pyd VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exeQueries volume information: C:\Users\user\Desktop\0jNz7djbpp.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 0_2_00007FF73EC8C460 GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 0_2_00007FF73ECA6370 _get_daylight, _get_daylight, _get_daylight, _get_daylight, _get_daylight, GetTimeZoneInformation

    Stealing of Sensitive Information

    Source: Yara match, File source: Process Memory Space: 0jNz7djbpp.exe PID: 3128, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match, File source: Process Memory Space: 0jNz7djbpp.exe PID: 3128, type: MEMORYSTR
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8B05074 PySys_Audit, PyEval_SaveThread, bind, PyEval_RestoreThread, _Py_NoneStruct
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8B06078 _PyArg_ParseTuple_SizeT, PyEval_SaveThread, listen, PyEval_RestoreThread, _Py_NoneStruct
    Source: C:\Users\user\Desktop\0jNz7djbpp.exe Code function: 2_2_00007FF8B8CB2A8C bind, WSAGetLastError, _Py_NoneStruct, PyExc_ValueError, PyErr_SetString
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 34 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Source          Detection  Scanner        Label                           Link
    0jNz7djbpp.exe  16%        ReversingLabs  Win32.Ransomware.PythonStealer
    0jNz7djbpp.exe  100%       Avira          TR/PSW.Agent.vgtlf
    Source  Detection  Scanner  Label  Link
    No Antivirus matches
    No Antivirus matches
    Source                               Detection  Scanner          Label  Link
    http://repository.swisssign.com/0    0%         Avira URL Cloud  safe
    https://requests.readthedocs.ioxep%  0%         Avira URL Cloud  safe
    Name         IP              Active  Malicious  Antivirus Detection  Reputation
    httpbin.org  34.224.200.202  true    false                           high
    Name  Source  Malicious  Antivirus Detection  Reputation
                                                                                                                                                      http://tools.ietf.org/html/rfc6125#section-6.4.30jNz7djbpp.exe, 00000002.00000002.3302190026.0000014DF56C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://cryptography.io/en/latest/security/0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          http://crl.xrampsecurity.com/XGCA.crl00jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4D43000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://bugs.python.org/issue44497.0jNz7djbpp.exe, 00000002.00000002.3300291942.0000014DF4650000.00000004.00001000.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300392415.0000014DF4760000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.cert.fnmt.es/dpcs/0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://setuptools.pypa.io/en/latest/pkg_resources.html0jNz7djbpp.exe, 00000002.00000003.2103375897.0000014DF3973000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2103172660.0000014DF3E84000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://google.com/mail0jNz7djbpp.exe, 00000002.00000003.2110910270.0000014DF428A000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF427C000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3299802435.0000014DF40E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://packaging.python.org/specifications/entry-points/0jNz7djbpp.exe, 00000002.00000002.3300291942.0000014DF4650000.00000004.00001000.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300392415.0000014DF4760000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://github.com/jaraco/jaraco.functools/issues/50jNz7djbpp.exe, 00000002.00000002.3300651931.0000014DF4960000.00000004.00001000.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300112896.0000014DF4410000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.accv.es000jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4D9D000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://www.python.org/psf/license/)0jNz7djbpp.exe, 00000002.00000002.3306195847.00007FF8A8B84000.00000002.00000001.01000000.00000005.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py0jNz7djbpp.exe, 00000002.00000002.3298673525.0000014DF1E0B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://requests.readthedocs.ioxep%0jNz7djbpp.exe, 00000002.00000002.3302461903.0000014DF591C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                              unknown
                                                                                                                                                                              https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://readthedocs.org/projects/cryptography/badge/?version=latest0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://foss.heptapod.net/pypy/pypy/-/issues/35390jNz7djbpp.exe, 00000002.00000002.3302190026.0000014DF56C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.0jNz7djbpp.exe, 00000002.00000003.2111080086.0000014DF438F000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111011723.0000014DF4389000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300058980.0000014DF4368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://google.com/0jNz7djbpp.exe, 00000002.00000003.2111125616.0000014DF4D71000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300952815.0000014DF4CE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://mahler:8092/site-updates.py0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4D43000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://www.inference.org.uk/mackay/itila/_generator.cp312-win_amd64.pyd.0.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://mathworld.wolfram.com/BinomialDistribution.html_generator.cp312-win_amd64.pyd.0.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://crl.securetrust.com/SGCA.crl0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://.../back.jpeg0jNz7djbpp.exe, 00000002.00000002.3301040018.0000014DF4F2F000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3302300225.0000014DF57C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://tools.ietf.org/html/rfc7231#section-4.3.6)0jNz7djbpp.exe, 00000002.00000002.3299497026.0000014DF3CF0000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111080086.0000014DF438F000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111154878.0000014DF3D9A000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000003.2111011723.0000014DF4389000.00000004.00000020.00020000.00000000.sdmp, 0jNz7djbpp.exe, 00000002.00000002.3300058980.0000014DF4368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://github.com/pyca/cryptography0jNz7djbpp.exe, 00000000.00000003.2062300667.000001699563B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://www.python.org/download/releases/2.3/mro/.0jNz7djbpp.exe, 00000002.00000002.3298992829.0000014DF3780000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://cryptography.io/METADATA.0.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
34.224.200.202 | httpbin.org | United States | 14618 | AMAZON-AESUS | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1571345
Start date and time: 2024-12-09 10:10:18 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 23s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 0jNz7djbpp.exe (renamed because original name is a hash value)
Original Sample Name: 151e75f3ed3003b63ecbee13741e788b519db99c5253f32a041f501f28688111.exe
Detection: MAL
Classification: mal76.troj.winEXE@3/102@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: 0jNz7djbpp.exe

No simulations

Match | Associated Sample Name / URL | Detection | Threat Name
34.224.200.202 | 7EznMik8Fw.exe | malicious | Python Stealer
34.224.200.202 | MkWMm5piE5.exe | malicious | Python Stealer
34.224.200.202 | okG6LaM2yP.exe | malicious | Python Stealer
34.224.200.202 | JxrkpYVdCp.exe | malicious | Python Stealer, Babadeda
34.224.200.202 | u08NgsGNym.exe | malicious | Python Stealer
34.224.200.202 | L5OMdZqWzq.exe | malicious | Python Stealer
34.224.200.202 | ssPp3zvWwN.exe | malicious | Python Stealer
34.224.200.202 | okG6LaM2yP.exe | malicious | Python Stealer
34.224.200.202 | 11lbKZLNnQ.exe | malicious | Python Stealer
34.224.200.202 | r2PcRF79Mo.exe | malicious | Python Stealer
Match | Associated Sample Name / URL | Detection | Threat Name | Context
httpbin.org | 7EznMik8Fw.exe | malicious | Python Stealer | 34.224.200.202
 | MkWMm5piE5.exe | malicious | Python Stealer | 34.224.200.202
 | okG6LaM2yP.exe | malicious | Python Stealer | 34.224.200.202
 | JxrkpYVdCp.exe | malicious | Python Stealer, Babadeda | 34.224.200.202
 | u08NgsGNym.exe | malicious | Python Stealer | 34.224.200.202
 | MkWMm5piE5.exe | malicious | Python Stealer | 44.196.3.45
 | L5OMdZqWzq.exe | malicious | Python Stealer | 34.224.200.202
 | ssPp3zvWwN.exe | malicious | Python Stealer | 34.224.200.202
 | okG6LaM2yP.exe | malicious | Python Stealer | 34.224.200.202
 | I6H1RkEHlX.exe | malicious | Python Stealer | 44.196.3.45
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AMAZON-AESUS | 7EznMik8Fw.exe | malicious | Python Stealer | 34.224.200.202
 | MkWMm5piE5.exe | malicious | Python Stealer | 34.224.200.202
 | okG6LaM2yP.exe | malicious | Python Stealer | 34.224.200.202
 | JxrkpYVdCp.exe | malicious | Python Stealer, Babadeda | 34.224.200.202
 | u08NgsGNym.exe | malicious | Python Stealer | 34.224.200.202
 | MkWMm5piE5.exe | malicious | Python Stealer | 44.196.3.45
 | L5OMdZqWzq.exe | malicious | Python Stealer | 34.224.200.202
 | ssPp3zvWwN.exe | malicious | Python Stealer | 34.224.200.202
 | okG6LaM2yP.exe | malicious | Python Stealer | 34.224.200.202
 | I6H1RkEHlX.exe | malicious | Python Stealer | 44.196.3.45
                                                                                                                                                                                                                              No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Temp\_MEI23522\PIL\_imaging.cp312-win_amd64.pyd | okG6LaM2yP.exe | malicious | Python Stealer
 | JxrkpYVdCp.exe | malicious | Python Stealer, Babadeda
 | hSyJxPUUDx.exe | malicious | Unknown
 | u08NgsGNym.exe | malicious | Python Stealer
 | okG6LaM2yP.exe | malicious | Python Stealer
 | d7rnBT699m.exe | malicious | Unknown
 | 33sKdwH6im.exe | malicious | Python Stealer
 | KkgQY27Qqn.exe | malicious | Unknown
 | Windows.exe | malicious | Python Stealer
 | CrowdStrike Falcon.exe | malicious | Python Stealer
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2582528
                                                                                                                                                                                                                                                  Entropy (8bit):6.457978211619077
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:ahLabo89HhLGC4BmK7y9VnuEILrLrLrL6mV6i:XJlK7yg
                                                                                                                                                                                                                                                  MD5:0376776F076CD4F4AC15EC4D813C5470
                                                                                                                                                                                                                                                  SHA1:381F84735A11ACE4673D8BE53138E652D4415413
                                                                                                                                                                                                                                                  SHA-256:A7DDF4D7CAB08676BB88A42059353C5374600901B3AB880E17EE1A0D0150C380
                                                                                                                                                                                                                                                  SHA-512:06D68B9E5DAF90D05855BF2C57B6110BFC2F20F4731B023B5AAA39145FD3AB66525D39988B8516731045AD16A89EB0457487DD080AEB347BA24A2E47ECE98BBD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: okG6LaM2yP.exe, Detection: malicious
• Filename: JxrkpYVdCp.exe, Detection: malicious
• Filename: hSyJxPUUDx.exe, Detection: malicious
• Filename: u08NgsGNym.exe, Detection: malicious
• Filename: okG6LaM2yP.exe, Detection: malicious
• Filename: d7rnBT699m.exe, Detection: malicious
• Filename: 33sKdwH6im.exe, Detection: malicious
• Filename: KkgQY27Qqn.exe, Detection: malicious
• Filename: Windows.exe, Detection: malicious
• Filename: CrowdStrike Falcon.exe, Detection: malicious
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):262144
                                                                                                                                                                                                                                                  Entropy (8bit):6.291831001741347
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:gQG8+hL4/nOYRI7O0hdlnLg9uP1+74/LgHmPr9qvZqhLaHLTLrLfqeqwL1dQ5hz0:gQG8z/shdlnLg9uP1+74/LgHmPr9qvZr
                                                                                                                                                                                                                                                  MD5:48F7F14636DA0BC081A34ACBFE30D77D
                                                                                                                                                                                                                                                  SHA1:E38B1F4E6F42219CC2D31D7EAF4FD49A8AD36D69
                                                                                                                                                                                                                                                  SHA-256:3C2CEDEBABB5748F78FBA56634FD49CDAAD02C18D808D7E2B4F50E2800C7930F
                                                                                                                                                                                                                                                  SHA-512:7C077CB4727E5879598D0DDACF4507806C66980C8E312F2A3861BC6448D5802F99F01535E9C2ECDF78F700DB78B3F03BC3989E81F28A57398F4AD8E9E1FDA7F3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):24576
                                                                                                                                                                                                                                                  Entropy (8bit):5.547840685902378
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:WuwU58R4Pp/4TsXlCr8AN+I6iYLz9IKVxgyJ+X9:Hp8Rs4TWCr8vHH97V6P9
                                                                                                                                                                                                                                                  MD5:8F67156CE61C7DE23E19F9445C8BA504
                                                                                                                                                                                                                                                  SHA1:B9E344FE41B3FC77CE0012930B7ED9AF47EB500C
                                                                                                                                                                                                                                                  SHA-256:8287A2A551BD99B5D55E18E461FEDB3704B74B0FB60F1E0881C792F90A18CE46
                                                                                                                                                                                                                                                  SHA-512:F70F24CEF7475547F5B29D1AE6DB7BD1DE6D1AA906E21705E40ED5C18F4F059CE9BB14DFD353776EFC08B985881A102DEA1948632EDCCACF76CC72D126651EB0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14848
                                                                                                                                                                                                                                                  Entropy (8bit):4.947735133076573
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Eq/Ztwurp+xOkpDds0KpbQoSM8WEumw/vE9FWckgTJ5:NZLaDFKpcoSIk9OgT
                                                                                                                                                                                                                                                  MD5:7E912D07A39E16BB25CF32B7153515C8
                                                                                                                                                                                                                                                  SHA1:60B2020DA661C6526FB09BCBCA6456520480BCAD
                                                                                                                                                                                                                                                  SHA-256:D1E5D023821A9C38967FFAA9BDBF4DDE998A3A6BC37942CA334A13E55A1FC711
                                                                                                                                                                                                                                                  SHA-512:EB47383DF193573AE5788023ACE576199F8BB0506406A95A26CD3CA688D0AF66E3E24EB13A9811B08932B81603848E70660BBD6806222C09749BFC0858A668E9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):534528
                                                                                                                                                                                                                                                  Entropy (8bit):6.582425403943618
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:HsQIgnVCZh4nbXy8mAC1tQzLrLrLrLWmE5Gx0Hs/JJY:Hs4wwnbXBzLrLrLrLWmE60Hs/J+
                                                                                                                                                                                                                                                  MD5:12D05951F8004E24EEAA0E45D587FE8E
                                                                                                                                                                                                                                                  SHA1:CB42E43B3E55A18F765657BD436A566BA73747A3
                                                                                                                                                                                                                                                  SHA-256:D96B196126A033F1D7832E29CEE44928683FAB00242E812815FF95FFFED1AF54
                                                                                                                                                                                                                                                  SHA-512:3622C6E537096CCA34A6097E2BF8DE7477DC8B1333360B57F1DC0665147746A837F0B82EBAD06A8304B363F85E140FEFBDA2353D74B024208FF4124844029C47
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):119192
                                                                                                                                                                                                                                                  Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                                                  MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                                                  SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                                                  SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                                                  SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):49528
                                                                                                                                                                                                                                                  Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                                                  MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                                                  SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                                                  SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                                                  SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):71448
                                                                                                                                                                                                                                                  Entropy (8bit):6.247581706260346
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:rRaPPkDN3nkiP6djtX5IkTIL1yUvGJtIAOnT7SyqWx5:9anmN3nkikjV5IkTIL1yUuJtIAOnTgi
                                                                                                                                                                                                                                                  MD5:209CBCB4E1A16AA39466A6119322343C
                                                                                                                                                                                                                                                  SHA1:CDCCE6B64EBF11FECFF739CBC57E7A98D6620801
                                                                                                                                                                                                                                                  SHA-256:F7069734D5174F54E89B88D717133BFF6A41B01E57F79957AB3F02DAA583F9E2
                                                                                                                                                                                                                                                  SHA-512:5BBC4EDE01729E628260CF39DF5809624EAE795FD7D51A1ED770ED54663955674593A97B78F66DBF6AE268186273840806ED06D6F7877444D32FDCA031A9F0DA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):84760
                                                                                                                                                                                                                                                  Entropy (8bit):6.5874715807724025
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:RS7z7Sj2u5in5IVfC83zYxzbdK87kW1IACVw7SyrxX:I7z+jum3MJdN7kW1IACVwX
                                                                                                                                                                                                                                                  MD5:59D60A559C23202BEB622021AF29E8A9
                                                                                                                                                                                                                                                  SHA1:A405F23916833F1B882F37BDBBA2DD799F93EA32
                                                                                                                                                                                                                                                  SHA-256:706D4A0C26DD454538926CBB2FF6C64257C3D9BD48C956F7CABD6DEF36FFD13E
                                                                                                                                                                                                                                                  SHA-512:2F60E79603CF456B2A14B8254CEC75CE8BE0A28D55A874D4FB23D92D63BBE781ED823AB0F4D13A23DC60C4DF505CBF1DBE1A0A2049B02E4BDEC8D374898002B1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):182784
                                                                                                                                                                                                                                                  Entropy (8bit):6.193615170968096
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:YRAMUp3K6YoDssyudy4VcRG+nR3hnW3mjwwOdkS9S7iSSTLkK/jftw3buz:Y6MyK65ssy+MG+LnSUwjD9zSSTLL/jl8
                                                                                                                                                                                                                                                  MD5:0572B13646141D0B1A5718E35549577C
                                                                                                                                                                                                                                                  SHA1:EEB40363C1F456C1C612D3C7E4923210EAE4CDF7
                                                                                                                                                                                                                                                  SHA-256:D8A76D1E31BBD62A482DEA9115FC1A109CB39AF4CF6D1323409175F3C93113A7
                                                                                                                                                                                                                                                  SHA-512:67C28432CA8B389ACC26E47EB8C4977FDDD4AF9214819F89DF07FECBC8ED750D5F35807A1B195508DD1D77E2A7A9D7265049DCFBFE7665A7FD1BA45DA1E4E842
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):125208
                                                                                                                                                                                                                                                  Entropy (8bit):6.128664719423826
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:DGR936Xz4mHFK0K+bRFOoP+Szlf/EZZBKYyucV6rOoZIALPEA:qQHLK+bvvPNhf/Ei6CoX
                                                                                                                                                                                                                                                  MD5:2A834C3738742D45C0A06D40221CC588
                                                                                                                                                                                                                                                  SHA1:606705A593631D6767467FB38F9300D7CD04AB3E
                                                                                                                                                                                                                                                  SHA-256:F20DFA748B878751EA1C4FE77A230D65212720652B99C4E5577BCE461BBD9089
                                                                                                                                                                                                                                                  SHA-512:924235A506CE4D635FA7C2B34E5D8E77EFF73F963E58E29C6EF89DB157BF7BAB587678BB2120D09DA70594926D82D87DBAA5D247E861E331CF591D45EA19A117
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):252696
                                                                                                                                                                                                                                                  Entropy (8bit):6.564448148079112
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:Agvd9YyMipyD41q8xDiw9qWM53pLW1AQRRRrBoZtcr3:AQ8yryD47hix4orcr3
                                                                                                                                                                                                                                                  MD5:F930B7550574446A015BC602D59B0948
                                                                                                                                                                                                                                                  SHA1:4EE6FF8019C6C540525BDD2790FC76385CDD6186
                                                                                                                                                                                                                                                  SHA-256:3B9AD1D2BC9EC03D37DA86135853DAC73B3FE851B164FE52265564A81EB8C544
                                                                                                                                                                                                                                                  SHA-512:10B864975945D6504433554F9FF11B47218CAA00F809C6BCE00F9E4089B862190A4219F659697A4BA5E5C21EDBE1D8D325950921E09371ACC4410469BD9189EE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):65816
                                                                                                                                                                                                                                                  Entropy (8bit):6.242741772115205
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:MElYij3wz91lBafLEmIRhtIAOIW7SybpxC:hYZBaTEmghtIAOIWE
                                                                                                                                                                                                                                                  MD5:B0262BD89A59A3699BFA75C4DCC3EE06
                                                                                                                                                                                                                                                  SHA1:EB658849C646A26572DEA7F6BFC042CB62FB49DC
                                                                                                                                                                                                                                                  SHA-256:4ADFBBD6366D9B55D902FC54D2B42E7C8C989A83016ED707BD7A302FC3FC7B67
                                                                                                                                                                                                                                                  SHA-512:2E4B214DE3B306E3A16124AF434FF8F5AB832AA3EEB1AA0AA9B49B0ADA0928DCBB05C57909292FBE3B01126F4CD3FE0DAC9CC15EAEA5F3844D6E267865B9F7B1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):159512
                                                                                                                                                                                                                                                  Entropy (8bit):6.846323229710623
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:Fik7me1FFD+znfF9mNo+Mu6tmxzE41IAZ1Ak:FikSiUNYO+J1E4b
                                                                                                                                                                                                                                                  MD5:B71DBE0F137FFBDA6C3A89D5BCBF1017
                                                                                                                                                                                                                                                  SHA1:A2E2BDC40FDB83CC625C5B5E8A336CA3F0C29C5F
                                                                                                                                                                                                                                                  SHA-256:6216173194B29875E84963CD4DC4752F7CA9493F5B1FD7E4130CA0E411C8AC6A
                                                                                                                                                                                                                                                  SHA-512:9A5C7B1E25D8E1B5738F01AEDFD468C1837F1AC8DD4A5B1D24CE86DCAE0DB1C5B20F2FF4280960BC523AEE70B71DB54FD515047CDAF10D21A8BEC3EBD6663358
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):35096
                                                                                                                                                                                                                                                  Entropy (8bit):6.461229529356597
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:OgYvrenSE0PXxxQ0zi+mdIAWtd5YiSyviCAMxkEj:vYTQShxQ0zlmdIAWtD7SyKAxv
                                                                                                                                                                                                                                                  MD5:4CCBD87D76AF221F24221530F5F035D1
                                                                                                                                                                                                                                                  SHA1:D02B989AAAC7657E8B3A70A6EE7758A0B258851B
                                                                                                                                                                                                                                                  SHA-256:C7BBCFE2511FD1B71B916A22AD6537D60948FFA7BDE207FEFABEE84EF53CAFB5
                                                                                                                                                                                                                                                  SHA-512:34D808ADAC96A66CA434D209F2F151A9640B359B8419DC51BA24477E485685AF10C4596A398A85269E8F03F0FC533645907D7D854733750A35BF6C691DE37799
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):55576
                                                                                                                                                                                                                                                  Entropy (8bit):6.342203411267264
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:wXRnts3McbN6w/xzWssXZdR1r3RIAXtI7SyNxQ:IRvcsXZdR1rRIAXtI6
                                                                                                                                                                                                                                                  MD5:61193E813A61A545E2D366439C1EE22A
                                                                                                                                                                                                                                                  SHA1:F404447B0D9BFF49A7431C41653633C501986D60
                                                                                                                                                                                                                                                  SHA-256:C21B50A7BF9DBE1A0768F5030CAC378D58705A9FE1F08D953129332BEB0FBEFC
                                                                                                                                                                                                                                                  SHA-512:747E4D5EA1BDF8C1E808579498834E1C24641D434546BFFDFCF326E0DE8D5814504623A3D3729168B0098824C2B8929AFC339674B0D923388B9DAC66F5D9D996
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32536
                                                                                                                                                                                                                                                  Entropy (8bit):6.4674944702653665
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:0k+cae6rjp5MoNOfZIAQUM5YiSyvjAMxkEKu:5vSjgoNOfZIAQU27SyLxv
                                                                                                                                                                                                                                                  MD5:F3ECA4F0B2C6C17ACE348E06042981A4
                                                                                                                                                                                                                                                  SHA1:EB694DDA8FF2FE4CCAE876DC0515A8EFEC40E20E
                                                                                                                                                                                                                                                  SHA-256:FB57EE6ADF6E7B11451B6920DDD2FB943DCD9561C9EAE64FDDA27C7ED0BC1B04
                                                                                                                                                                                                                                                  SHA-512:604593460666045CA48F63D4B14FA250F9C4B9E5C7E228CC9202E7692C125AACB0018B89FAA562A4197692A9BC3D2382F9E085B305272EE0A39264A2A0F53B75
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):83224
                                                                                                                                                                                                                                                  Entropy (8bit):6.338326324626716
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:MUuhDLiJfz76Xl+1ly+uCt9/s+S+pzcHS58/n1IsJHfsZIALwqw7Syraxi:MU6DL4fHdy+uCt9/sT+pzuSQ1IwHfsZS
                                                                                                                                                                                                                                                  MD5:9C6283CC17F9D86106B706EC4EA77356
                                                                                                                                                                                                                                                  SHA1:AF4F2F52CE6122F340E5EA1F021F98B1FFD6D5B6
                                                                                                                                                                                                                                                  SHA-256:5CC62AAC52EDF87916DEB4EBBAD9ABB58A6A3565B32E7544F672ACA305C38027
                                                                                                                                                                                                                                                  SHA-512:11FD6F570DD78F8FF00BE645E47472A96DAFFA3253E8BD29183BCCDE3F0746F7E436A106E9A68C57CC05B80A112365441D06CC719D51C906703B428A32C93124
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):124696
                                                                                                                                                                                                                                                  Entropy (8bit):6.266006891462829
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:9PfqZRAWgyjwzCO4w5y3DUfUK8PtIAOQMo:oAWgKw2C5iSUv1
                                                                                                                                                                                                                                                  MD5:506B13DD3D5892B16857E3E3B8A95AFB
                                                                                                                                                                                                                                                  SHA1:42E654B36F1C79000084599D49B862E4E23D75FF
                                                                                                                                                                                                                                                  SHA-256:04F645A32B0C58760CC6C71D09224FE90E50409EF5C81D69C85D151DFE65AFF9
                                                                                                                                                                                                                                                  SHA-512:A94F0E9F2212E0B89EB0B5C64598B18AF71B59E1297F0F6475FA4674AE56780B1E586B5EB952C8C9FEBAD38C28AFD784273BBF56645DB2C405AFAE6F472FB65C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):177432
                                                                                                                                                                                                                                                  Entropy (8bit):5.976892131161338
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:1CRW4ljuyKK8vZktW5No6XfJN54eNWXvM4VRJNI7IM/cbP7RHs3FJZ1IAC7+y:1mfEyKKaZo6XfJ2MSV+JZW
                                                                                                                                                                                                                                                  MD5:DDB21BD1ACDE4264754C49842DE7EBC9
                                                                                                                                                                                                                                                  SHA1:80252D0E35568E68DED68242D76F2A5D7E00001E
                                                                                                                                                                                                                                                  SHA-256:72BB15CD8C14BA008A52D23CDCFC851A9A4BDE13DEEE302A5667C8AD60F94A57
                                                                                                                                                                                                                                                  SHA-512:464520ECD1587F5CEDE6219FAAC2C903EE41D0E920BF3C9C270A544B040169DCD17A4E27F6826F480D4021077AB39A6CBBD35EBB3D71672EBB412023BC9E182A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):36632
                                                                                                                                                                                                                                                  Entropy (8bit):6.357254511176439
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:6cxnHG7MYGQd0hHdzA77yeu1IACis5YiSyvoAMxkE9:6cxnm7M6dAHdzA77yeu1IACiW7Sy+xx
                                                                                                                                                                                                                                                  MD5:C1654EBEBFEEDA425EADE8B77CA96DE5
                                                                                                                                                                                                                                                  SHA1:A4A150F1C810077B6E762F689C657227CC4FD257
                                                                                                                                                                                                                                                  SHA-256:AA1443A715FBF84A84F39BD89707271FC11A77B597D7324CE86FC5CFA56A63A9
                                                                                                                                                                                                                                                  SHA-512:21705B991E75EFD5E59B8431A3B19AE5FCC38A3E7F137A9D52ACD24E7F67D61758E48ABC1C9C0D4314FA02010A1886C15EAD5BCA8DCA1B1D4CCBFC3C589D342E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12240
                                                                                                                                                                                                                                                  Entropy (8bit):6.608323768366966
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:KFOWWthWzWf9BvVVWQ4mWqyVT/gqnajKsrCS81:uZWthWeN01IlGsrCt
                                                                                                                                                                                                                                                  MD5:07EBE4D5CEF3301CCF07430F4C3E32D8
                                                                                                                                                                                                                                                  SHA1:3B878B2B2720915773F16DBA6D493DAB0680AC5F
                                                                                                                                                                                                                                                  SHA-256:8F8B79150E850ACC92FD6AAB614F6E3759BEA875134A62087D5DD65581E3001F
                                                                                                                                                                                                                                                  SHA-512:6C7E4DF62EBAE9934B698F231CF51F54743CF3303CD758573D00F872B8ECC2AF1F556B094503AAE91100189C0D0A93EAF1B7CAFEC677F384A1D7B4FDA2EEE598
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11736
                                                                                                                                                                                                                                                  Entropy (8bit):6.6074868843808785
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:PUWthW6Wf9BvVVWQ4SWZifvXqnajJ6HNbLet:MWthW3NhXll6HZm
                                                                                                                                                                                                                                                  MD5:557405C47613DE66B111D0E2B01F2FDB
                                                                                                                                                                                                                                                  SHA1:DE116ED5DE1FFAA900732709E5E4EEF921EAD63C
                                                                                                                                                                                                                                                  SHA-256:913EAAA7997A6AEE53574CFFB83F9C9C1700B1D8B46744A5E12D76A1E53376FD
                                                                                                                                                                                                                                                  SHA-512:C2B326F555B2B7ACB7849402AC85922880105857C616EF98F7FB4BBBDC2CD7F2AF010F4A747875646FCC272AB8AA4CE290B6E09A9896CE1587E638502BD4BEFB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11728
                                                                                                                                                                                                                                                  Entropy (8bit):6.622854484071805
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:tlWthWFWf9BvVVWQ4mWIzWLiP+CjAWqnajKsNb7:/WthWANnWLiP+CcWlGsNb7
                                                                                                                                                                                                                                                  MD5:624401F31A706B1AE2245EB19264DC7F
                                                                                                                                                                                                                                                  SHA1:8D9DEF3750C18DDFC044D5568E3406D5D0FB9285
                                                                                                                                                                                                                                                  SHA-256:58A8D69DF60ECBEE776CD9A74B2A32B14BF2B0BD92D527EC5F19502A0D3EB8E9
                                                                                                                                                                                                                                                  SHA-512:3353734B556D6EEBC57734827450CE3B34D010E0C033E95A6E60800C0FDA79A1958EBF9053F12054026525D95D24EEC541633186F00F162475CEC19F07A0D817
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11728
                                                                                                                                                                                                                                                  Entropy (8bit):6.670771733256744
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:1mxD3+HWthWiWf9BvVVWQ4WWuhD7DiqnajKswz3:19HWthWfN/GlGswz3
                                                                                                                                                                                                                                                  MD5:2DB5666D3600A4ABCE86BE0099C6B881
                                                                                                                                                                                                                                                  SHA1:63D5DDA4CEC0076884BC678C691BDD2A4FA1D906
                                                                                                                                                                                                                                                  SHA-256:46079C0A1B660FC187AAFD760707F369D0B60D424D878C57685545A3FCE95819
                                                                                                                                                                                                                                                  SHA-512:7C6E1E022DB4217A85A4012C8E4DAEE0A0F987E4FBA8A4C952424EF28E250BAC38B088C242D72B4641157B7CC882161AEFA177765A2E23AFCDC627188A084345
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15328
                                                                                                                                                                                                                                                  Entropy (8bit):6.561472518225768
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:RaNYPvVX8rFTsoWthWgWf9BvVVWQ4SWfMaPOoI80Hy5qnajslBE87QyX:HPvVXqWthWlN2WlslEE87Qw
                                                                                                                                                                                                                                                  MD5:0F7D418C05128246AFA335A1FB400CB9
                                                                                                                                                                                                                                                  SHA1:F6313E371ED5A1DFFE35815CC5D25981184D0368
                                                                                                                                                                                                                                                  SHA-256:5C9BC70586AD538B0DF1FCF5D6F1F3527450AE16935AA34BD7EB494B4F1B2DB9
                                                                                                                                                                                                                                                  SHA-512:7555D9D3311C8622DF6782748C2186A3738C4807FC58DF2F75E539729FC4069DB23739F391950303F12E0D25DF9F065B4C52E13B2EBB6D417CA4C12CFDECA631
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11728
                                                                                                                                                                                                                                                  Entropy (8bit):6.638884356866373
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:jlWaWthWAWf9BvVVWQ4WWloprVP+CjAWqnajKsNWqL:jIaWthWFNxtVP+CcWlGsNxL
                                                                                                                                                                                                                                                  MD5:5A72A803DF2B425D5AAFF21F0F064011
                                                                                                                                                                                                                                                  SHA1:4B31963D981C07A7AB2A0D1A706067C539C55EC5
                                                                                                                                                                                                                                                  SHA-256:629E52BA4E2DCA91B10EF7729A1722888E01284EED7DDA6030D0A1EC46C94086
                                                                                                                                                                                                                                                  SHA-512:BF44997C405C2BA80100EB0F2FF7304938FC69E4D7AE3EAC52B3C236C3188E80C9F18BDA226B5F4FDE0112320E74C198AD985F9FFD7CEA99ACA22980C39C7F69
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11744
                                                                                                                                                                                                                                                  Entropy (8bit):6.744400973311854
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:imdzvQzEWthWwMVDEs3f0DHDsVBIwgmqvrnDD0ADEs3TDL2L4m2grMWaLN5DEs3r:v3WthWyWf9BvVVWQ4SWVVFJqqnajW2y
                                                                                                                                                                                                                                                  MD5:721B60B85094851C06D572F0BD5D88CD
                                                                                                                                                                                                                                                  SHA1:4D0EE4D717AEB9C35DA8621A545D3E2B9F19B4E7
                                                                                                                                                                                                                                                  SHA-256:DAC867476CAA42FF8DF8F5DFE869FFD56A18DADEE17D47889AFB69ED6519AFBF
                                                                                                                                                                                                                                                  SHA-512:430A91FCECDE4C8CC4AC7EB9B4C6619243AB244EE88C34C9E93CA918E54BD42B08ACA8EA4475D4C0F5FA95241E4AACB3206CBAE863E92D15528C8E7C9F45601B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11736
                                                                                                                                                                                                                                                  Entropy (8bit):6.638488013343178
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:frWthWFWf9BvVVWQ4SWNOfvXqnajJ6H4WJ:frWthWANRXll6H4WJ
                                                                                                                                                                                                                                                  MD5:D1DF480505F2D23C0B5C53DF2E0E2A1A
                                                                                                                                                                                                                                                  SHA1:207DB9568AFD273E864B05C87282987E7E81D0BA
                                                                                                                                                                                                                                                  SHA-256:0B3DFB8554EAD94D5DA7859A12DB353942406F9D1DFE3FAC3D48663C233EA99D
                                                                                                                                                                                                                                                  SHA-512:F14239420F5DD84A15FF5FCA2FAD81D0AA9280C566FA581122A018E10EBDF308AC0BF1D3FCFC08634C1058C395C767130C5ABCA55540295C68DF24FFD931CA0A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12256
                                                                                                                                                                                                                                                  Entropy (8bit):6.588267640761022
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:txlkWthW2Wf9BvVVWQ4SWBBBuUgxfzfqnaj0OTWv:txlkWthW7NkIrloFv
                                                                                                                                                                                                                                                  MD5:73433EBFC9A47ED16EA544DDD308EAF8
                                                                                                                                                                                                                                                  SHA1:AC1DA1378DD79762C6619C9A63FD1EBE4D360C6F
                                                                                                                                                                                                                                                  SHA-256:C43075B1D2386A8A262DE628C93A65350E52EAE82582B27F879708364B978E29
                                                                                                                                                                                                                                                  SHA-512:1C28CC0D3D02D4C308A86E9D0BC2DA88333DFA8C92305EC706F3E389F7BB6D15053040AFD1C4F0AA3383F3549495343A537D09FE882DB6ED12B7507115E5A263
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11728
                                                                                                                                                                                                                                                  Entropy (8bit):6.678828474114903
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:4TWthWckWf9BvVVWQ4mWQAyUD7DiqnajKswzjdg:4TWthWcRNqGlGswzji
                                                                                                                                                                                                                                                  MD5:7C7B61FFA29209B13D2506418746780B
                                                                                                                                                                                                                                                  SHA1:08F3A819B5229734D98D58291BE4BFA0BEC8F761
                                                                                                                                                                                                                                                  SHA-256:C23FE8D5C3CA89189D11EC8DF983CC144D168CB54D9EAB5D9532767BCB2F1FA3
                                                                                                                                                                                                                                                  SHA-512:6E5E3485D980E7E2824665CBFE4F1619B3E61CE3BCBF103979532E2B1C3D22C89F65BCFBDDBB5FE88CDDD096F8FD72D498E8EE35C3C2307BACECC6DEBBC1C97F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12752
                                                                                                                                                                                                                                                  Entropy (8bit):6.602852377056617
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Us13vuBL3B5LoWthW7Wf9BvVVWQ4mWgB7OQP+CjAWqnajKsN9arO:Us13vuBL3B2WthWmNVXP+CcWlGsN9P
                                                                                                                                                                                                                                                  MD5:6D0550D3A64BD3FD1D1B739133EFB133
                                                                                                                                                                                                                                                  SHA1:C7596FDE7EA1C676F0CC679CED8BA810D15A4AFE
                                                                                                                                                                                                                                                  SHA-256:F320F9C0463DE641B396CE7561AF995DE32211E144407828B117088CF289DF91
                                                                                                                                                                                                                                                  SHA-512:5DA9D490EF54A1129C94CE51349399B9012FC0D4B575AE6C9F1BAFCFCF7F65266F797C539489F882D4AD924C94428B72F5137009A851ECB541FE7FB9DE12FEB2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14800
                                                                                                                                                                                                                                                  Entropy (8bit):6.528059454770997
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:On2OMw3zdp3bwjGfue9/0jCRrndbZWWthWdNHhfVlGsSH:/OMwBprwjGfue9/0jCRrndbLEKv
                                                                                                                                                                                                                                                  MD5:1ED0B196AB58EDB58FCF84E1739C63CE
                                                                                                                                                                                                                                                  SHA1:AC7D6C77629BDEE1DF7E380CC9559E09D51D75B7
                                                                                                                                                                                                                                                  SHA-256:8664222823E122FCA724620FD8B72187FC5336C737D891D3CEF85F4F533B8DE2
                                                                                                                                                                                                                                                  SHA-512:E1FA7F14F39C97AAA3104F3E13098626B5F7CFD665BA52DCB2312A329639AAF5083A9177E4686D11C4213E28ACC40E2C027988074B6CC13C5016D5C5E9EF897B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12240
                                                                                                                                                                                                                                                  Entropy (8bit):6.659218747104705
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:2E+tWthWvWf9BvVVWQ4mWxHD7DiqnajKswzGIAf:T+tWthWiNcGlGswzLAf
                                                                                                                                                                                                                                                  MD5:721BAEA26A27134792C5CCC613F212B2
                                                                                                                                                                                                                                                  SHA1:2A27DCD2436DF656A8264A949D9CE00EAB4E35E8
                                                                                                                                                                                                                                                  SHA-256:5D9767D8CCA0FBFD5801BFF2E0C2ADDDD1BAAAA8175543625609ABCE1A9257BD
                                                                                                                                                                                                                                                  SHA-512:9FD6058407AA95058ED2FDA9D391B7A35FA99395EC719B83C5116E91C9B448A6D853ECC731D0BDF448D1436382EECC1FA9101F73FA242D826CC13C4FD881D9BD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11728
                                                                                                                                                                                                                                                  Entropy (8bit):6.739082809754283
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:vdWthW8Wf9BvVVWQ4mWG2P+CjAWqnajKsNt:lWthWJNUP+CcWlGsNt
                                                                                                                                                                                                                                                  MD5:B3F887142F40CB176B59E58458F8C46D
                                                                                                                                                                                                                                                  SHA1:A05948ABA6F58EB99BBAC54FA3ED0338D40CBFAD
                                                                                                                                                                                                                                                  SHA-256:8E015CDF2561450ED9A0773BE1159463163C19EAB2B6976155117D16C36519DA
                                                                                                                                                                                                                                                  SHA-512:7B762319EC58E3FCB84B215AE142699B766FA9D5A26E1A727572EE6ED4F5D19C859EFB568C0268846B4AA5506422D6DD9B4854DA2C9B419BFEC754F547203F7E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12752
                                                                                                                                                                                                                                                  Entropy (8bit):6.601112204637961
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:GFPWthW5Wf9BvVVWQ4mWc0ZD7DiqnajKswzczr:GFPWthWsNiGlGswzq
                                                                                                                                                                                                                                                  MD5:89F35CB1212A1FD8FBE960795C92D6E8
                                                                                                                                                                                                                                                  SHA1:061AE273A75324885DD098EE1FF4246A97E1E60C
                                                                                                                                                                                                                                                  SHA-256:058EB7CE88C22D2FF7D3E61E6593CA4E3D6DF449F984BF251D9432665E1517D1
                                                                                                                                                                                                                                                  SHA-512:F9E81F1FEAB1535128B16E9FF389BD3DAAAB8D1DABF64270F9E563BE9D370C023DE5D5306DD0DE6D27A5A099E7C073D17499442F058EC1D20B9D37F56BCFE6D2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14288
                                                                                                                                                                                                                                                  Entropy (8bit):6.521808801015781
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:/uUk1Jzb9cKcIzWthWzaWf9BvVVWQ4mWmrcLUVT/gqnajKsrCOV:/bk1JzBcKcIzWthWzXNz1IlGsrCOV
                                                                                                                                                                                                                                                  MD5:0C933A4B3C2FCF1F805EDD849428C732
                                                                                                                                                                                                                                                  SHA1:B8B19318DBB1D2B7D262527ABD1468D099DE3FB6
                                                                                                                                                                                                                                                  SHA-256:A5B733E3DCE21AB62BD4010F151B3578C6F1246DA4A96D51AC60817865648DD3
                                                                                                                                                                                                                                                  SHA-512:B25ED54345A5B14E06AA9DADD07B465C14C23225023D7225E04FBD8A439E184A7D43AB40DF80E3F8A3C0F2D5C7A79B402DDC6B9093D0D798E612F4406284E39D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12240
                                                                                                                                                                                                                                                  Entropy (8bit):6.671157737548847
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:7oDfIeVWthWZWf9BvVVWQ4mWaHvP+CjAWqnajKsNZ:7oDfIeVWthWMNVP+CcWlGsNZ
                                                                                                                                                                                                                                                  MD5:7E8B61D27A9D04E28D4DAE0BFA0902ED
                                                                                                                                                                                                                                                  SHA1:861A7B31022915F26FB49C79AC357C65782C9F4B
                                                                                                                                                                                                                                                  SHA-256:1EF06C600C451E66E744B2CA356B7F4B7B88BA2F52EC7795858D21525848AC8C
                                                                                                                                                                                                                                                  SHA-512:1C5B35026937B45BEB76CB8D79334A306342C57A8E36CC15D633458582FC8F7D9AB70ACE7A92144288C6C017F33ECFC20477A04432619B40A21C9CDA8D249F6D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11728
                                                                                                                                                                                                                                                  Entropy (8bit):6.599056003106114
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:gR7WthWTVWf9BvVVWQ4mWg2a5P+CjAWqnajKsNQbWl:gVWthWkN/P+CcWlGsNMg
                                                                                                                                                                                                                                                  MD5:8D12FFD920314B71F2C32614CC124FEC
                                                                                                                                                                                                                                                  SHA1:251A98F2C75C2E25FFD0580F90657A3EA7895F30
                                                                                                                                                                                                                                                  SHA-256:E63550608DD58040304EA85367E9E0722038BA8E7DC7BF9D91C4D84F0EC65887
                                                                                                                                                                                                                                                  SHA-512:5084C739D7DE465A9A78BCDBB8A3BD063B84A68DCFD3C9EF1BFA224C1CC06580E2A2523FD4696CFC48E9FD068A2C44DBC794DD9BDB43DC74B4E854C82ECD3EA5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12240
                                                                                                                                                                                                                                                  Entropy (8bit):6.602527553095181
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:zGeVfcWthW+Wf9BvVVWQ4mWMiSID7DiqnajKswz5g:zGeVfcWthWjN6SIGlGswza
                                                                                                                                                                                                                                                  MD5:9FA3FC24186D912B0694A572847D6D74
                                                                                                                                                                                                                                                  SHA1:93184E00CBDDACAB7F2AD78447D0EAC1B764114D
                                                                                                                                                                                                                                                  SHA-256:91508AB353B90B30FF2551020E9755D7AB0E860308F16C2F6417DFB2E9A75014
                                                                                                                                                                                                                                                  SHA-512:95AD31C9082F57EA57F5B4C605331FCAD62735A1862AFB01EF8A67FEA4E450154C1AE0C411CF3AC5B9CD35741F8100409CC1910F69C1B2D807D252389812F594
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11728
                                                                                                                                                                                                                                                  Entropy (8bit):6.6806369134652055
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:qyMv0WthWPWf9BvVVWQ4mWIv/r+YVqnajKsSF:qyMv0WthWCNBfVlGsSF
                                                                                                                                                                                                                                                  MD5:C9CBAD5632D4D42A1BC25CCFA8833601
                                                                                                                                                                                                                                                  SHA1:09F37353A89F1BFE49F7508559DA2922B8EFEB05
                                                                                                                                                                                                                                                  SHA-256:F3A7A9C98EBE915B1B57C16E27FFFD4DDF31A82F0F21C06FE292878E48F5883E
                                                                                                                                                                                                                                                  SHA-512:2412E0AFFDC6DB069DE7BD9666B7BAA1CD76AA8D976C9649A4C2F1FFCE27F8269C9B02DA5FD486EC86B54231B1A5EBF6A1C72790815B7C253FEE1F211086892F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13776
                                                                                                                                                                                                                                                  Entropy (8bit):6.573983778839785
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:miwidv3V0dfpkXc0vVauzIWthWLN3fVlGsStY:nHdv3VqpkXc0vVaKbiYlY
                                                                                                                                                                                                                                                  MD5:4CCDE2D1681217E282996E27F3D9ED2E
                                                                                                                                                                                                                                                  SHA1:8EDA134B0294ED35E4BBAC4911DA620301A3F34D
                                                                                                                                                                                                                                                  SHA-256:D6708D1254ED88A948871771D6D1296945E1AA3AEB7E33E16CC378F396C61045
                                                                                                                                                                                                                                                  SHA-512:93FE6AE9A947AC88CC5ED78996E555700340E110D12B2651F11956DB7CEE66322C269717D31FCCB31744F4C572A455B156B368F08B70EDA9EFFEC6DE01DBAB23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12240
                                                                                                                                                                                                                                                  Entropy (8bit):6.7137872023984055
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:TtZ3KjWthWzWf9BvVVWQ4mWXU0P+CjAWqnajKsN2v:TtZ3KjWthWeNwP+CcWlGsNa
                                                                                                                                                                                                                                                  MD5:E86CFC5E1147C25972A5EEFED7BE989F
                                                                                                                                                                                                                                                  SHA1:0075091C0B1F2809393C5B8B5921586BDD389B29
                                                                                                                                                                                                                                                  SHA-256:72C639D1AFDA32A65143BCBE016FE5D8B46D17924F5F5190EB04EFE954C1199A
                                                                                                                                                                                                                                                  SHA-512:EA58A8D5AA587B7F5BDE74B4D394921902412617100ED161A7E0BEF6B3C91C5DAE657065EA7805A152DD76992997017E070F5415EF120812B0D61A401AA8C110
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12768
                                                                                                                                                                                                                                                  Entropy (8bit):6.614330511483598
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:vgdKIMFYJWthW2Wf9BvVVWQ4SW2zZ7uUgxfzfqnaj0OGWh:0hJWthW7NBzIrloYh
                                                                                                                                                                                                                                                  MD5:206ADCB409A1C9A026F7AFDFC2933202
                                                                                                                                                                                                                                                  SHA1:BB67E1232A536A4D1AE63370BD1A9B5431335E77
                                                                                                                                                                                                                                                  SHA-256:76D8E4ED946DEEFEEFA0D0012C276F0B61F3D1C84AF00533F4931546CBB2F99E
                                                                                                                                                                                                                                                  SHA-512:727AA0C4CD1A0B7E2AFFDCED5DA3A0E898E9BAE3C731FF804406AD13864CEE2B27E5BAAC653BAB9A0D2D961489915D4FCAD18557D4383ECB0A066902276955A7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12240
                                                                                                                                                                                                                                                  Entropy (8bit):6.704366348384627
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Ha2WthWKOWf9BvVVWQ4mWNOrVT/gqnajKsrCkb:Ha2WthWKTNz1IlGsrCo
                                                                                                                                                                                                                                                  MD5:91A2AE3C4EB79CF748E15A58108409AD
                                                                                                                                                                                                                                                  SHA1:D402B9DF99723EA26A141BFC640D78EAF0B0111B
                                                                                                                                                                                                                                                  SHA-256:B0EDA99EABD32FEFECC478FD9FE7439A3F646A864FDAB4EC3C1F18574B5F8B34
                                                                                                                                                                                                                                                  SHA-512:8527AF610C1E2101B6F336A142B1A85AC9C19BB3AF4AD4A245CFB6FD602DC185DA0F7803358067099475102F3A8F10A834DC75B56D3E6DED2ED833C00AD217ED
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11728
                                                                                                                                                                                                                                                  Entropy (8bit):6.623077637622405
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:jWthWYWf9BvVVWQ4mWd8l1P+CjAWqnajKsNeCw:jWthW9NnP+CcWlGsNex
                                                                                                                                                                                                                                                  MD5:1E4C4C8E643DE249401E954488744997
                                                                                                                                                                                                                                                  SHA1:DB1C4C0FC907100F204B21474E8CD2DB0135BC61
                                                                                                                                                                                                                                                  SHA-256:F28A8FE2CD7E8E00B6D2EC273C16DB6E6EEA9B6B16F7F69887154B6228AF981E
                                                                                                                                                                                                                                                  SHA-512:EF8411FD321C0E363C2E5742312CC566E616D4B0A65EFF4FB6F1B22FDBEA3410E1D75B99E889939FF70AD4629C84CEDC88F6794896428C5F0355143443FDC3A3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12752
                                                                                                                                                                                                                                                  Entropy (8bit):6.643812426159955
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:fSWthWvWf9BvVVWQ4mWFl5P+CjAWqnajKsNifl:aWthWiN+5P+CcWlGsNiN
                                                                                                                                                                                                                                                  MD5:FA770BCD70208A479BDE8086D02C22DA
                                                                                                                                                                                                                                                  SHA1:28EE5F3CE3732A55CA60AEE781212F117C6F3B26
                                                                                                                                                                                                                                                  SHA-256:E677497C1BAEFFFB33A17D22A99B76B7FA7AE7A0C84E12FDA27D9BE5C3D104CF
                                                                                                                                                                                                                                                  SHA-512:F8D81E350CEBDBA5AFB579A072BAD7986691E9F3D4C9FEBCA8756B807301782EE6EB5BA16B045CFA29B6E4F4696E0554C718D36D4E64431F46D1E4B1F42DC2B8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15824
                                                                                                                                                                                                                                                  Entropy (8bit):6.438848882089563
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:yjQ/w8u4cyNWthWYWf9BvVVWQ4mWhu1BVT/gqnajKsrC74m:8yNWthW9Np1IlGsrCEm
                                                                                                                                                                                                                                                  MD5:4EC4790281017E616AF632DA1DC624E1
                                                                                                                                                                                                                                                  SHA1:342B15C5D3E34AB4AC0B9904B95D0D5B074447B7
                                                                                                                                                                                                                                                  SHA-256:5CF5BBB861608131B5F560CBF34A3292C80886B7C75357ACC779E0BF98E16639
                                                                                                                                                                                                                                                  SHA-512:80C4E20D37EFF29C7577B2D0ED67539A9C2C228EDB48AB05D72648A6ED38F5FF537715C130342BEB0E3EF16EB11179B9B484303354A026BDA3A86D5414D24E69
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12240
                                                                                                                                                                                                                                                  Entropy (8bit):6.6061629057490245
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:vWOPWthWAWf9BvVVWQ4mWWbgftmP+CjAWqnajKsNURPblh:BWthWFN+f8P+CcWlGsNURzv
                                                                                                                                                                                                                                                  MD5:7A859E91FDCF78A584AC93AA85371BC9
                                                                                                                                                                                                                                                  SHA1:1FA9D9CAD7CC26808E697373C1F5F32AAF59D6B7
                                                                                                                                                                                                                                                  SHA-256:B7EE468F5B6C650DADA7DB3AD9E115A0E97135B3DF095C3220DFD22BA277B607
                                                                                                                                                                                                                                                  SHA-512:A368F21ECA765AFCA86E03D59CF953500770F4A5BFF8B86B2AC53F1B5174C627E061CE9A1F781DC56506774E0D0B09725E9698D4DC2D3A59E93DA7EF3D900887
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13776
                                                                                                                                                                                                                                                  Entropy (8bit):6.65347762698107
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:WxSnWlC0i5ClWthWTWf9BvVVWQ4mW+hkKVT/gqnajKsrCw/:WxSnWm5ClWthW+NkK1IlGsrCY
                                                                                                                                                                                                                                                  MD5:972544ADE7E32BFDEB28B39BC734CDEE
                                                                                                                                                                                                                                                  SHA1:87816F4AFABBDEC0EC2CFEB417748398505C5AA9
                                                                                                                                                                                                                                                  SHA-256:7102F8D9D0F3F689129D7FE071B234077FBA4DD3687071D1E2AEAA137B123F86
                                                                                                                                                                                                                                                  SHA-512:5E1131B405E0C7A255B1C51073AFF99E2D5C0D28FD3E55CABC04D463758A575A954008EA1BA5B4E2B345B49AF448B93AD21DFC4A01573B3CB6E7256D9ECCEEF1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12752
                                                                                                                                                                                                                                                  Entropy (8bit):6.58394079658593
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:YFY17aFBRQWthWIWf9BvVVWQ4mWHhOP+CjAWqnajKsNngJ:YQtWthWNNdP+CcWlGsNI
                                                                                                                                                                                                                                                  MD5:8906279245F7385B189A6B0B67DF2D7C
                                                                                                                                                                                                                                                  SHA1:FCF03D9043A2DAAFE8E28DEE0B130513677227E4
                                                                                                                                                                                                                                                  SHA-256:F5183B8D7462C01031992267FE85680AB9C5B279BEDC0B25AB219F7C2184766F
                                                                                                                                                                                                                                                  SHA-512:67CAC89AE58CC715976107F3BDF279B1E78945AFD07E6F657E076D78E92EE1A98E3E7B8FEAE295AF5CE35E00C804F3F53A890895BADB1EED32377D85C21672B9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12240
                                                                                                                                                                                                                                                  Entropy (8bit):6.696904963591775
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:m8qWthWLWf9BvVVWQ4WWLXlyBZr+YVqnajKsS1:mlWthWWN0uZfVlGsS1
                                                                                                                                                                                                                                                  MD5:DD8176E132EEDEA3322443046AC35CA2
                                                                                                                                                                                                                                                  SHA1:D13587C7CC52B2C6FBCAA548C8ED2C771A260769
                                                                                                                                                                                                                                                  SHA-256:2EB96422375F1A7B687115B132A4005D2E7D3D5DC091FB0EB22A6471E712848E
                                                                                                                                                                                                                                                  SHA-512:77CB8C44C8CC8DD29997FBA4424407579AC91176482DB3CF7BC37E1F9F6AA4C4F5BA14862D2F3A9C05D1FDD7CA5A043B5F566BD0E9A9E1ED837DA9C11803B253
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                  Entropy (8bit):6.216554714002396
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:rQM4Oe59Ckb1hgmLRWthW0N0JBJ1IlGsrC5W:sMq59Bb1jYNABHJc
                                                                                                                                                                                                                                                  MD5:A6A3D6D11D623E16866F38185853FACD
                                                                                                                                                                                                                                                  SHA1:FBEADD1E9016908ECCE5753DE1D435D6FCF3D0B5
                                                                                                                                                                                                                                                  SHA-256:A768339F0B03674735404248A039EC8591FCBA6FF61A3C6812414537BADD23B0
                                                                                                                                                                                                                                                  SHA-512:ABBF32CEB35E5EC6C1562F9F3B2652B96B7DBD97BFC08D918F987C0EC0503E8390DD697476B2A2389F0172CD8CF16029FD2EC5F32A9BA3688BF2EBEEFB081B2C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):64464
                                                                                                                                                                                                                                                  Entropy (8bit):5.537611266681503
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:2PMeDe5c4bFe2JyhcvxXWpD7d3334BkZn+Ppzh:2DDe5c4bFe2JyhcvxXWpD7d3334BkZnU
                                                                                                                                                                                                                                                  MD5:D76E7AAECB3D1CA9948C31BDAE52EB9D
                                                                                                                                                                                                                                                  SHA1:142A2BB0084FAA2A25D0028846921545F09D9AE9
                                                                                                                                                                                                                                                  SHA-256:785C49FD9F99C6EB636D78887AA186233E9304921DD835DEE8F72E2609FF65C4
                                                                                                                                                                                                                                                  SHA-512:52DA403286659CF201C72FA0AB3C506ADE86C7E2FEF679F35876A5CEC4AEE97AFBC5BB13A259C51EFB8706F6AE7F5A6A3800176B89F424B6A4E9F3D5B8289620
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12752
                                                                                                                                                                                                                                                  Entropy (8bit):6.604643094751227
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:uFdyqjd7NWthWxWf9BvVVWQ4mW+JZD7DiqnajKswzR1:YQsWthWkNfZGlGswzR1
                                                                                                                                                                                                                                                  MD5:074B81A625FB68159431BB556D28FAB5
                                                                                                                                                                                                                                                  SHA1:20F8EAD66D548CFA861BC366BB1250CED165BE24
                                                                                                                                                                                                                                                  SHA-256:3AF38920E767BD9EBC08F88EAF2D08C748A267C7EC60EAB41C49B3F282A4CF65
                                                                                                                                                                                                                                                  SHA-512:36388C3EFFA0D94CF626DECAA1DA427801CC5607A2106ABDADF92252C6F6FD2CE5BF0802F5D0A4245A1FFDB4481464C99D60510CF95E83EBAF17BD3D6ACBC3DC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16336
                                                                                                                                                                                                                                                  Entropy (8bit):6.449023660091811
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:eUW9MPrpJhhf4AN5/KihWthWBWf9BvVVWQ4mWRXwsD7DiqnajKswzK:eUZr7HWthWUNkGlGswzK
                                                                                                                                                                                                                                                  MD5:F1A23C251FCBB7041496352EC9BCFFBE
                                                                                                                                                                                                                                                  SHA1:BE4A00642EC82465BC7B3D0CC07D4E8DF72094E8
                                                                                                                                                                                                                                                  SHA-256:D899C2F061952B3B97AB9CDBCA2450290B0F005909DDD243ED0F4C511D32C198
                                                                                                                                                                                                                                                  SHA-512:31F8C5CD3B6E153073E2E2EDF0CA8072D0F787784F1611A57219349C1D57D6798A3ADBD6942B0F16CEF781634DD8691A5EC0B506DF21B24CB70AEE5523A03FD9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):17872
                                                                                                                                                                                                                                                  Entropy (8bit):6.3934828478655685
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:hA2uWYFxEpahDWthWDWf9BvVVWQ4mWR3ir+YVqnajKsSO:hIFVhDWthWONlfVlGsSO
                                                                                                                                                                                                                                                  MD5:55B2EB7F17F82B2096E94BCA9D2DB901
                                                                                                                                                                                                                                                  SHA1:44D85F1B1134EE7A609165E9C142188C0F0B17E0
                                                                                                                                                                                                                                                  SHA-256:F9D3F380023A4C45E74170FE69B32BCA506EE1E1FBE670D965D5B50C616DA0CB
                                                                                                                                                                                                                                                  SHA-512:0CF0770F5965A83F546253DECFA967D8F85C340B5F6EA220D3CAA14245F3CDB37C53BF8D3DA6C35297B22A3FA88E7621202634F6B3649D7D9C166A221D3456A5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):18384
                                                                                                                                                                                                                                                  Entropy (8bit):6.279474608881223
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:jvEvevdv8vPozmVx0C5yguNvZ5VQgx3SbwA7yMVIkFGlPWthWXNjqujGlGswz7:2ozmT5yguNvZ5VQgx3SbwA71IkFFaJft
                                                                                                                                                                                                                                                  MD5:9B79965F06FD756A5EFDE11E8D373108
                                                                                                                                                                                                                                                  SHA1:3B9DE8BF6B912F19F7742AD34A875CBE2B5FFA50
                                                                                                                                                                                                                                                  SHA-256:1A916C0DB285DEB02C0B9DF4D08DAD5EA95700A6A812EA067BD637A91101A9F6
                                                                                                                                                                                                                                                  SHA-512:7D4155C00D65C3554E90575178A80D20DC7C80D543C4B5C4C3F508F0811482515638FE513E291B82F958B4D7A63C9876BE4E368557B07FF062961197ED4286FB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14288
                                                                                                                                                                                                                                                  Entropy (8bit):6.547753630184197
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ENDCWthWHWf9BvVVWQ4mWG5xqcVT/gqnajKsrC/V:TWthW6N/xqc1IlGsrC/V
                                                                                                                                                                                                                                                  MD5:1D48A3189A55B632798F0E859628B0FB
                                                                                                                                                                                                                                                  SHA1:61569A8E4F37ADC353986D83EFC90DC043CDC673
                                                                                                                                                                                                                                                  SHA-256:B56BC94E8539603DD2F0FEA2F25EFD17966315067442507DB4BFFAFCBC2955B0
                                                                                                                                                                                                                                                  SHA-512:47F329102B703BFBB1EBAEB5203D1C8404A0C912019193C93D150A95BB0C5BA8DC101AC56D3283285F9F91239FC64A66A5357AFE428A919B0BE7194BADA1F64F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12240
                                                                                                                                                                                                                                                  Entropy (8bit):6.686357863452704
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ZjfHQdufWthWCWf9BvVVWQ4mWMlUteSP+CjAWqnajKsN0c:ZfZWthW/Nd4P+CcWlGsN0c
                                                                                                                                                                                                                                                  MD5:DBC27D384679916BA76316FB5E972EA6
                                                                                                                                                                                                                                                  SHA1:FB9F021F2220C852F6FF4EA94E8577368F0616A4
                                                                                                                                                                                                                                                  SHA-256:DD14133ADF5C534539298422F6C4B52739F80ACA8C5A85CA8C966DEA9964CEB1
                                                                                                                                                                                                                                                  SHA-512:CC0D8C56749CCB9D007B6D3F5C4A8F1D4E368BB81446EBCD7CC7B40399BBD56D0ACABA588CA172ECB7472A8CBDDBD4C366FFA38094A832F6D7E343B813BA565E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1332263
                                                                                                                                                                                                                                                  Entropy (8bit):5.5864676354018465
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:uttcY+bStOmgRF1+fYNXPh26UZWAzCu7joqYnhjHgkVHdmmPnHz1dG6sF7aYceM:uttcY+UHCiCAd+cqHdmmPHzvwaYceM
                                                                                                                                                                                                                                                  MD5:630153AC2B37B16B8C5B0DBB69A3B9D6
                                                                                                                                                                                                                                                  SHA1:F901CD701FE081489B45D18157B4A15C83943D9D
                                                                                                                                                                                                                                                  SHA-256:EC4E6B8E9F6F1F4B525AF72D3A6827807C7A81978CB03DB5767028EBEA283BE2
                                                                                                                                                                                                                                                  SHA-512:7E3A434C8DF80D32E66036D831CBD6661641C0898BD0838A07038B460261BF25B72A626DEF06D0FAA692CAF64412CA699B1FA7A848FE9D969756E097CBA39E41
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):290282
                                                                                                                                                                                                                                                  Entropy (8bit):6.048183244201235
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:QW1H/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5Np:QWN/TRJLWURrI55MWavdF0L
                                                                                                                                                                                                                                                  MD5:302B49C5F476C0AE35571430BB2E4AA0
                                                                                                                                                                                                                                                  SHA1:35A7837A3F1B960807BF46B1C95EC22792262846
                                                                                                                                                                                                                                                  SHA-256:CF9D37FA81407AFE11DCC0D70FE602561422AA2344708C324E4504DB8C6C5748
                                                                                                                                                                                                                                                  SHA-512:1345AF52984B570B1FF223032575FEB36CDFB4F38E75E0BD3B998BC46E9C646F7AC5C583D23A70460219299B9C04875EF672BF5A0D614618731DF9B7A5637D0A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                  Entropy (8bit):4.674392865869017
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                                                                                                                                                                                                                  MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                                                                                                                                                                                                                  SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                                                                                                                                                                                                                  SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                                                                                                                                                                                                                  SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):122880
                                                                                                                                                                                                                                                  Entropy (8bit):5.917175475547778
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                                                                                                                                                                                                                  MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                                                                                                                                                                                                                  SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                                                                                                                                                                                                                  SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                                                                                                                                                                                                                  SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:pip.
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):197
                                                                                                                                                                                                                                                  Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                                  MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                                  SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                                  SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                                  SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11360
                                                                                                                                                                                                                                                  Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                                  MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                                  SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                                  SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                                  SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1532
                                                                                                                                                                                                                                                  Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                                  MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                                  SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                                  SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                                  SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5292
                                                                                                                                                                                                                                                  Entropy (8bit):5.115440205505611
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:DxapqZink/QIHQIyzQIZQILuQIR8vtklGovxNx6sWwCvCCcTKvIrrg9BMM6VwDjz:sJnkoBs/sqLz8cTKvIrrUiM6VwDjyeWs
                                                                                                                                                                                                                                                  MD5:137D13F917D94C83137A0FA5AE12B467
                                                                                                                                                                                                                                                  SHA1:01E93402C225BF2A4EE59F9A06F8062CB5E4801E
                                                                                                                                                                                                                                                  SHA-256:36738E6971D2F20DB78433185A0EF7912A48544AA6FF7006505A7DC785158859
                                                                                                                                                                                                                                                  SHA-512:1B22CBC6E22FA5E2BD5CC4A370443A342D00E7DD53330A4000E9A680DE80262BCA7188764E3568944D01025188291602AC8C53C971630984FBD9FA7D75AAB124
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.1..Name: cryptography..Version: 41.0.7..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>..License: Apache-2.0 OR BSD-3-Clause..Project-URL: homepage, https://github.com/pyca/cryptography..Project-URL: documentation, https://cryptography.io/..Project-URL: source, https://github.com/pyca/cryptography/..Project-URL: issues, https://github.com/pyca/cryptography/issues..Project-URL: changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Operating Syst
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15334
                                                                                                                                                                                                                                                  Entropy (8bit):5.552806309785179
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:3X62U/ZfaigdSwJN5i6s7B0Ppzx6uvndLE4:3NUxfzgFthE4
                                                                                                                                                                                                                                                  MD5:D88787EC6163B4F45579EA7CF7F56044
                                                                                                                                                                                                                                                  SHA1:B241754AF16F5B2523DE1D07520DADB5ABA559BA
                                                                                                                                                                                                                                                  SHA-256:E5265DE4206BAB1FB0C96212067AA1EB479C85AB0495B915938DDB365B0C948D
                                                                                                                                                                                                                                                  SHA-512:F4F1C213458AC42A3417A870F7C6D2A125950F588C76F8A83D605242ABBDBCC2CBE70CA49A700710AA23AC143F2702963DEA48043C5CA86FBF0D3CE07126C696
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:cryptography-41.0.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-41.0.7.dist-info/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-41.0.7.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-41.0.7.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-41.0.7.dist-info/METADATA,sha256=NnOOaXHS8g23hDMYWg73kSpIVEqm_3AGUFp9x4UViFk,5292..cryptography-41.0.7.dist-info/RECORD,,..cryptography-41.0.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-41.0.7.dist-info/WHEEL,sha256=-EX5DQzNGQEoyL99Q-0P0-D-CXbfqafenaAeiSQ_Ufk,100..cryptography-41.0.7.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=uPXMbbcptt7EzZ_jllGRx0pVdMn-NBsAM4L74hOv-b0,445..cryptography/__init__.py,sha256=iVPlBlXWTJyiFeRedxcbMPhyHB34viOM10d72vGnWuE,364..cryptography/__pycache__/_
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):100
                                                                                                                                                                                                                                                  Entropy (8bit):5.0203365408149025
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:RtEeX7MWcSlVlbY3KgP+tkKc/SKQLn:RtBMwlVCxWKxDQLn
                                                                                                                                                                                                                                                  MD5:4B432A99682DE414B29A683A3546B69F
                                                                                                                                                                                                                                                  SHA1:F59C5016889EE5E9F62D09B22AEFBC2211A56C93
                                                                                                                                                                                                                                                  SHA-256:F845F90D0CCD190128C8BF7D43ED0FD3E0FE0976DFA9A7DE9DA01E89243F51F9
                                                                                                                                                                                                                                                  SHA-512:CBBF10E19B6F4072C416EA95D7AE259B9C5A1B89068B7B6660B7C637D6F2437AEA8D8202A2E26A0BEC36DAECD8BBB6B59016FC2DDEB13C545F0868B3E15479CA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.42.0).Root-Is-Purelib: false.Tag: cp37-abi3-win_amd64..
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                                                                                  Entropy (8bit):3.2389012566026314
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:cOv:Nv
                                                                                                                                                                                                                                                  MD5:E7274BD06FF93210298E7117D11EA631
                                                                                                                                                                                                                                                  SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                                                                                                                                                                                                                  SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                                                                                                                                                                                                                  SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:cryptography.
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6673920
                                                                                                                                                                                                                                                  Entropy (8bit):6.582002531606852
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:EzN+T+xtLlk0PPMAiGoTzeDy3x8lGBlWi9Nk:E5Y6Jk0PPMtfTzp3x8c
                                                                                                                                                                                                                                                  MD5:486085AAC7BB246A173CEEA0879230AF
                                                                                                                                                                                                                                                  SHA1:EF1095843B2A9C6D8285C7D9E8E334A9CE812FAE
                                                                                                                                                                                                                                                  SHA-256:C3964FC08E4CA8BC193F131DEF6CC4B4724B18073AA0E12FED8B87C2E627DC83
                                                                                                                                                                                                                                                  SHA-512:8A56774A08DA0AB9DD561D21FEBEEBC23A5DEA6F63D5638EA1B608CD923B857DF1F096262865E6EBD56B13EFD3BBA8D714FFDCE8316293229974532C49136460
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5191960
                                                                                                                                                                                                                                                  Entropy (8bit):5.962142634441191
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                                                                  MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                                                                  SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                                                                  SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                                                                  SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):39696
                                                                                                                                                                                                                                                  Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                                  MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                                  SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                                  SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                                  SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):787224
                                                                                                                                                                                                                                                  Entropy (8bit):5.609561366841894
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                                                                  MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                                                                  SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                                                                  SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                                                                  SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):38168576
                                                                                                                                                                                                                                                  Entropy (8bit):6.305082264196138
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:196608:O99XmuJ2l6d6iET5BH6ZCy1iMq5NV2OzPWJAt+bOzPWVa+llOzPWIqzfr2V9EwS6:0OzPW5OzPW5OzPWIDMD9K6LSn1ZP
                                                                                                                                                                                                                                                  MD5:5E46C3D334C90C3029EB6AE2A3FE58F2
                                                                                                                                                                                                                                                  SHA1:AD3D806F720289CCB90CE8BFD0DA49FA99E7777B
                                                                                                                                                                                                                                                  SHA-256:57B87772BF676B5C2D718C79DDDC9F039D79EC3319FEE1398CC305ADFF7B69E5
                                                                                                                                                                                                                                                  SHA-512:4BD29D19B619076A64A928F3871EDCCE8416BCF100C1AA1250932479D6536D9497F2F9A2668C90B3479D0D4AB4234FFA06F81BC6B107FAD1BE5097FA2B60AB28
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):66048
                                                                                                                                                                                                                                                  Entropy (8bit):6.0029845891810085
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:3p/PUg+VQrec6dx6gXZtu5sx0wtvnSPmFzO+ooK83Ngu6nSO:3pUdVQreR68/uItvSPmF6+ojcv6nSO
                                                                                                                                                                                                                                                  MD5:92C51DAF855C25EB229F15CB61F39B5D
                                                                                                                                                                                                                                                  SHA1:2732021A3D1A9EFE52C2B2EC993D3DA3EFBE6246
                                                                                                                                                                                                                                                  SHA-256:95BC29ED6DC02BF8AA3AADD078B9812AAE5E4E8A663778114D20827E9F9C3D8E
                                                                                                                                                                                                                                                  SHA-512:F168E553CA05AE9458A9DC77F8312A3FC9192534C339B20668B461E8975729399CE248693E3CE411AF7A2A88BDFFAF6438175619EBDD27C6AA5AAA1B582E5911
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2842624
                                                                                                                                                                                                                                                  Entropy (8bit):6.636429648896842
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:H/Yfw6/aTE+CyxakxYgfPpmh0By/TDwY6uSOuzLXRB06D:H/Aa/X2/TaOuzL
                                                                                                                                                                                                                                                  MD5:B5322718A11C7DB4C1A1486F1A162ADB
                                                                                                                                                                                                                                                  SHA1:4C77B34D686C197C4790D4B79D70EE59CFA41460
                                                                                                                                                                                                                                                  SHA-256:5EF0804BE17E6ACCF19332DFACB88A89AB24953A14A42D289B2983C55CCE7009
                                                                                                                                                                                                                                                  SHA-512:17D112DD8935CCB2F3FCFD15236A636C59F0E92A4EF861862E06EFD3A2F4EBBBC45533270DFE5B1F65FFF0FD066D19B57240385011F3BB5E63CFF0A06A994F19
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):110080
                                                                                                                                                                                                                                                  Entropy (8bit):6.157829267971521
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:1J7u06kUyyTZDXZhTZdjrozKDaGE2A8wRdpdCqgeh1m:1J7uYkVDXHVdozKe521wRFh3
                                                                                                                                                                                                                                                  MD5:90D30098D86837386A666D6E6388006E
                                                                                                                                                                                                                                                  SHA1:BE1244955C42E8ACEDFF587DB9C9D43A0FC88874
                                                                                                                                                                                                                                                  SHA-256:1B68264914063E2DF22ED04668F937BC43EC58D756091E9D061FDE3D4915CF23
                                                                                                                                                                                                                                                  SHA-512:D0CFEA6E2349B6124939B2CED72C4077FAA3F4525A6A490577C98437EBED1E6A36D26A1552CA1680639EB87E71388FC424C00366720A62742A36A35A8223A782
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                                                                                  Entropy (8bit):6.296943343498824
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:uEXFL7JoLGR94dIIpxFlJz+G6jlTJdaWM0BCQUIGBpdJHIGJQk5S7:ZFxhUxFlJz+njlTX7sIGBpDIfk5S7
                                                                                                                                                                                                                                                  MD5:D536FCFF8E188E4C2239ED9DBC964084
                                                                                                                                                                                                                                                  SHA1:050CFB86702D06DBC4E4ABF9D7A759978A42E8A9
                                                                                                                                                                                                                                                  SHA-256:8F21B754C44B6CD04184E955654243CF05C011DE25E83578C1014B566BAA9D9B
                                                                                                                                                                                                                                                  SHA-512:E9E9A81E246BBAF7C6F7F7D080889EB58EA158F7E12893F5A03A4A59B3662C3FBE1829B68A6AAE05E60ED5C22E09C555028310453F4004470EE5B1E26BCC5646
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):231936
                                                                                                                                                                                                                                                  Entropy (8bit):6.465013607402119
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:4ibqI1hY1IQN7TBhPztGq6f+WGWHRtxyvJRWjwTk/TG:4ibqI1hIzWfpHHRpjw3
                                                                                                                                                                                                                                                  MD5:D76245820BE06CFE77DB2B0FD9788F49
                                                                                                                                                                                                                                                  SHA1:45689D2B013F97E95A8C1C2FA7DA399F818EC234
                                                                                                                                                                                                                                                  SHA-256:176B0735F50BF071D9B007FD8B0E3E763663D8B02E3EFD1AE07BECB68A629EC4
                                                                                                                                                                                                                                                  SHA-512:1ECE25120EEC6D97188D810F1D8DA00764449577DFF0F6DBE3199136BAFE96BF46C9E4810C4B8942574C4B1D987AAAFE3D547EC4B2488C0F4989B77AA98D7CA0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):166400
                                                                                                                                                                                                                                                  Entropy (8bit):6.16054841448225
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:4Eh3AzI0GZVlTesyp0k3itVoBzSunh/xoV:4E5UI0GZVNUKVyzSu3C
                                                                                                                                                                                                                                                  MD5:66CF3F29BECCC6AD4EE3EE3B8B7AF98B
                                                                                                                                                                                                                                                  SHA1:5338CA4140BB3C473D18092F6F0349E9D9DC8C56
                                                                                                                                                                                                                                                  SHA-256:185F6666ED6854977B6439B00814B4A56247A309789DCEE29CA17E88DC4F5B87
                                                                                                                                                                                                                                                  SHA-512:3E11C50436973B0EF3CD50DD4DE442DAABC2A0FFE440D49D21960383AB25ACC2467EA7AB78407D7E8387832FA185F581DD17EA81409B861ED816FD473F7652A5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):689152
                                                                                                                                                                                                                                                  Entropy (8bit):6.32270721353156
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:aJg7dcXhfd8IE3hjy1IqidsQLRsfxU2exLmxHjwB:ai7uhfaFRBiqRsimxD2
                                                                                                                                                                                                                                                  MD5:F954DC5B1A79106A8CB98A3B481A49C0
                                                                                                                                                                                                                                                  SHA1:099D0498FF69982B1E69B8CA0B07820DB0D1343C
                                                                                                                                                                                                                                                  SHA-256:BB1AEF8C19B81B5B044B5D47D683601EED2C60412D68C075F7AA9EAC55CCBDB0
                                                                                                                                                                                                                                                  SHA-512:50C7DEAB5FEB29A24E29DF756152079A44E413E00E29C98EA9556A7F2C73E88C7CF4A25569F52141E56DB1CC887B9AA8DFB92949A74E086A9B6214997561FDA6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):75776
                                                                                                                                                                                                                                                  Entropy (8bit):6.1841804914562974
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:JIZlzNnw+v/wzqo5VJtnkzDQODdPRmdxlEhu8Ef2:gFNnjRoznkzDIqU8Ef2
                                                                                                                                                                                                                                                  MD5:D6D11C2796AE40C950C7E25782999C7A
                                                                                                                                                                                                                                                  SHA1:C82F75A0F2818C714021206DFA312999117BBF00
                                                                                                                                                                                                                                                  SHA-256:E0856FDAB0D2B1FB64BA24E05B83ABDC31212C5C983E32C6B49D3911D97B2D78
                                                                                                                                                                                                                                                  SHA-512:471610535C30206BCCDC11059E743E1870FF9A8969C6B5437D2478926699F8865044462540D6D2AB99DCA3E2ACA19A1A48B3C5BE00D0D0DCE62128E23B683611
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                  Entropy (8bit):6.087600380435088
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:yAaRay9hKIybw+bt41HAURJQdsOJVxi0IW50Vcu/:yAqay3Kdw0t56450yu/
                                                                                                                                                                                                                                                  MD5:C15EAF827584245FAA0E88B62A85D05D
                                                                                                                                                                                                                                                  SHA1:129B7B9A060376D97BFB7328A403C3BD077E6138
                                                                                                                                                                                                                                                  SHA-256:F56ADC692A97E4A6A3D391E04A1CB5A59343652407E2520C5CF79CB6173F0163
                                                                                                                                                                                                                                                  SHA-512:0A239BF2364B3FB652747771F65BAE9485B1485DCC429D3EA7D45F81E4B322AA9D01304CF15E5CBE7ABB6BD876F73195F0A5AA16636D065B90EE8D792AE719C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):68608
                                                                                                                                                                                                                                                  Entropy (8bit):6.068724798266156
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:XUx34cosUUi6mHW3BYiRUqBkG7B5P6EsSuP:Xw34cIvHWG+nBXB5PNsSuP
                                                                                                                                                                                                                                                  MD5:FDBF66153C13D319D1E7C9F129CF08E3
                                                                                                                                                                                                                                                  SHA1:F8518A17644EF95E89F07C7B713C9B121E05B9C6
                                                                                                                                                                                                                                                  SHA-256:0810150CCEAD60D2B3084333492019AE90A0F28FD82664C96966D9BDC83686F2
                                                                                                                                                                                                                                                  SHA-512:308C228AA502EC2EEB1448E48C45EDD1520833851A1E7902D398E6ED4014F6CFE41345B3B5924711B7285D7E3B5181C848F5F821410FAE3AD9B4229E2B55F12F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):50688
                                                                                                                                                                                                                                                  Entropy (8bit):5.851923736767711
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:3N97lLxP9RgV508lRcuyAGYp6iyVqonQHsXaMoP9UrWEl+AMP:Lz1RgVTXy2cK9kWElyP
                                                                                                                                                                                                                                                  MD5:ECEC79538AB9149FFBD3F326BBE4A638
                                                                                                                                                                                                                                                  SHA1:655AE3B72CD0A52D11CF76EEB5FDC5098CEEE750
                                                                                                                                                                                                                                                  SHA-256:EEC06C70418E3D410E55D47C2FA84F880480CBFB9A4ABF073F188AD2B483C1CB
                                                                                                                                                                                                                                                  SHA-512:94C334124C4E6666D6A96448672B8B7EF37AF76C783ED82837792FB271745A3FABF8C9765EAC46AC31E58EE000B6327B14418024B027DA6DA9C51FF2282AA3DE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):160768
                                                                                                                                                                                                                                                  Entropy (8bit):6.214539257343106
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:hPTECiv12+KX4IlhvHFucDJeX9bqz18x9C21FpMsDEV2+WarahR2+WarahTYqSyv:hPTECiv12+KIyJ/VeXhGY9RYV2+Waray
                                                                                                                                                                                                                                                  MD5:0025817C31FE2CC158499B1175E2BA92
                                                                                                                                                                                                                                                  SHA1:60A2127356D80333C403246FCBD2BF8B539D5FD6
                                                                                                                                                                                                                                                  SHA-256:D746972E355DCE6131B67D8121AE3BF20191C4FFFE555FE994DEBA8C12FC8591
                                                                                                                                                                                                                                                  SHA-512:2DB30BA60C5900214327191D0975ED24122BEC927AE559AC5B37B47BA41A4B91BAC05C85200BC1633902E9FBE27C46819BDF0860FBE26921D5B6DEE748919A10
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):582656
                                                                                                                                                                                                                                                  Entropy (8bit):6.2168844883747285
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:TkE7mm5J7UiJ8u1hLDlWPsq6p4S4gP4KBSkPSoHRSKrkSoSL7MSquASLSqSwSkSE:AE7JJ7p/P5q660XZ0X2beSn+yijwd
                                                                                                                                                                                                                                                  MD5:1BE97B97C39BBE483D8A8863CDB5DD5E
                                                                                                                                                                                                                                                  SHA1:281082C71F89FF79575B463D8C72F4F76640EE73
                                                                                                                                                                                                                                                  SHA-256:8893E35F6545DE8718D435FC4FFE3583DB0D4EABB2EB087D951FF58A3BBAA7DD
                                                                                                                                                                                                                                                  SHA-512:B6551D0563870F13FB391E65C879E4C69689014009F610C4D7648645409C66AB29505D6D2043D3F8FC63248B3D6AF72C7597F2874348BC038F6F2FEC4002E233
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):67072
                                                                                                                                                                                                                                                  Entropy (8bit):5.90551713971002
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:ZhseNxkc7Xva0Y420G1UD+dS4gBeLmRy:Z1kcbi0Y42bUD+dS4oeiRy
                                                                                                                                                                                                                                                  MD5:01F9D30DD889A3519E3CA93FE6EFEE70
                                                                                                                                                                                                                                                  SHA1:EBF55ADBD8CD938C4C11D076203A3E54D995AEFF
                                                                                                                                                                                                                                                  SHA-256:A66444A08A8B9CEAFA05DAEFEB32AA1E65C8009A3C480599F648FA52A20AFB7D
                                                                                                                                                                                                                                                  SHA-512:76FED302D62BB38A39E0BF6C9038730E83B6AFFFA2F36E7A62B85770D4847EA6C688098061945509A1FDB799FB7F5C88699F94E7DA1934F88A9C3B6A433EE9EF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):199448
                                                                                                                                                                                                                                                  Entropy (8bit):6.385263095268062
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:gP9/HQAYp/8IdzL37lqrEJesY7p7Ndrjt8HWcFwUT6ZIALhNn6:opFYp/vdzL3pqrEJ2xDrJ8DdT6A
                                                                                                                                                                                                                                                  MD5:F179C9BDD86A2A218A5BF9F0F1CF6CD9
                                                                                                                                                                                                                                                  SHA1:4544FB23D56CC76338E7F71F12F58C5FE89D0D76
                                                                                                                                                                                                                                                  SHA-256:C42874E2CF034FB5034F0BE35F7592B8A96E8903218DA42E6650C504A85B37CC
                                                                                                                                                                                                                                                  SHA-512:3464ECE5C6A0E95EF6136897B70A96C69E552D28BFEDD266F13EEC840E36EC2286A1FB8973B212317DE6FE3E93D7D7CC782EB6FC3D6A2A8F006B34F6443498DE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):68376
                                                                                                                                                                                                                                                  Entropy (8bit):6.14896460878624
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:LV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/u:LDmF61JFn+/OHZIAL0R7SyHxy
                                                                                                                                                                                                                                                  MD5:6271A2FE61978CA93E60588B6B63DEB2
                                                                                                                                                                                                                                                  SHA1:BE26455750789083865FE91E2B7A1BA1B457EFB8
                                                                                                                                                                                                                                                  SHA-256:A59487EA2C8723277F4579067248836B216A801C2152EFB19AFEE4AC9785D6FB
                                                                                                                                                                                                                                                  SHA-512:8C32BCB500A94FF47F5EF476AE65D3B677938EBEE26E80350F28604AAEE20B044A5D55442E94A11CCD9962F34D22610B932AC9D328197CF4D2FFBC7DF640EFBA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7009048
                                                                                                                                                                                                                                                  Entropy (8bit):5.7826778751744685
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:mz0oCxOqKWneF3o1VLCClOTNRpaOviXEYWyb3eOYTvuFsx/iac84YNFXiTlv5WF4:mooCcqKLHX+az2Ro8Kv7HDMiEB/
                                                                                                                                                                                                                                                  MD5:550288A078DFFC3430C08DA888E70810
                                                                                                                                                                                                                                                  SHA1:01B1D31F37FB3FD81D893CC5E4A258E976F5884F
                                                                                                                                                                                                                                                  SHA-256:789A42AC160CEF98F8925CB347473EEEB4E70F5513242E7FABA5139BA06EDF2D
                                                                                                                                                                                                                                                  SHA-512:7244432FC3716F7EF27630D4E8FBC8180A2542AA97A01D44DCA260AB43966DD8AC98B6023400B0478A4809AACE1A128F1F4D6E544F2E591A5B436FD4C8A9D723
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):134656
                                                                                                                                                                                                                                                  Entropy (8bit):5.9953900911096785
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:Yuh2G0a2fYrFceQaVK756Y/r06trvoEKQAe7KL8KJKVKGajt4:Yuh2faiYrFceQaVfY/rxTBAe7KwKwVrE
                                                                                                                                                                                                                                                  MD5:26D752C8896B324FFD12827A5E4B2808
                                                                                                                                                                                                                                                  SHA1:447979FA03F78CB7210A4E4BA365085AB2F42C22
                                                                                                                                                                                                                                                  SHA-256:BD33548DBDBB178873BE92901B282BAD9C6817E3EAC154CA50A666D5753FD7EC
                                                                                                                                                                                                                                                  SHA-512:99C87AB9920E79A03169B29A2F838D568CA4D4056B54A67BC51CAF5C0FF5A4897ED02533BA504F884C6F983EBC400743E6AD52AC451821385B1E25C3B1EBCEE0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):30488
                                                                                                                                                                                                                                                  Entropy (8bit):6.582548725691534
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:b9yLTFInPLnIdHqp3DT90IZIAQGyHQIYiSy1pCQ273bAM+o/8E9VF0Nypyn4:6inzUHqN1rZIAQGo5YiSyvUrAMxkEjh
                                                                                                                                                                                                                                                  MD5:8A273F518973801F3C63D92AD726EC03
                                                                                                                                                                                                                                                  SHA1:069FC26B9BD0F6EA3F9B3821AD7C812FD94B021F
                                                                                                                                                                                                                                                  SHA-256:AF358285A7450DE6E2E5E7FF074F964D6A257FB41D9EB750146E03C7DDA503CA
                                                                                                                                                                                                                                                  SHA-512:7FEDAE0573ECB3946EDE7D0B809A98ACAD3D4C95D6C531A40E51A31BDB035BADC9F416D8AAA26463784FF2C5E7A0CC2C793D62B5FDB2B8E9FAD357F93D3A65F8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1500440
                                                                                                                                                                                                                                                  Entropy (8bit):6.588676275246953
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:iTqtyGkxOc+wv05tP5kf82Hr/74YPF5o/P/gnAracr7/24UcypY7w0vpZUFv++b:hk0jwv4tP5kf8ar/74EF2/An4acrVUcc
                                                                                                                                                                                                                                                  MD5:C1161C1CEC57C5FFF89D10B62A8E2C3A
                                                                                                                                                                                                                                                  SHA1:C4F5DEA84A295EC3FF10307A0EA3BA8D150BE235
                                                                                                                                                                                                                                                  SHA-256:D1FD3040ACDDF6551540C2BE6FF2E3738F7BD4DFD73F0E90A9400FF784DD15E6
                                                                                                                                                                                                                                                  SHA-512:D545A6DC30F1D343EDF193972833C4C69498DC4EA67278C996426E092834CB6D814CE98E1636C485F9B1C47AD5C68D6F432E304CD93CEED0E1E14FEAF39B104A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1035728
                                                                                                                                                                                                                                                  Entropy (8bit):6.630126944065657
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:EsKxVJ/pRRK0Y/9fCrl4NbpjONcncXEomxvSZX0yp49C:lKxDPHQCrlQBXxw
                                                                                                                                                                                                                                                  MD5:849959A003FA63C5A42AE87929FCD18B
                                                                                                                                                                                                                                                  SHA1:D1B80B3265E31A2B5D8D7DA6183146BBD5FB791B
                                                                                                                                                                                                                                                  SHA-256:6238CBFE9F57C142B75E153C399C478D492252FDA8CB40EE539C2DCB0F2EB232
                                                                                                                                                                                                                                                  SHA-512:64958DABDB94D21B59254C2F074DB5D51E914DDBC8437452115DFF369B0C134E50462C3FDBBC14B6FA809A6EE19AB2FB83D654061601CC175CDDCB7D74778E09
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1137944
                                                                                                                                                                                                                                                  Entropy (8bit):5.462202215180296
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:hrEHdcM6hbFCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciFt:hrEXYCjfk7bPNfv42BN6yzUiFt
                                                                                                                                                                                                                                                  MD5:04F35D7EEC1F6B72BAB9DAF330FD0D6B
                                                                                                                                                                                                                                                  SHA1:ECF0C25BA7ADF7624109E2720F2B5930CD2DBA65
                                                                                                                                                                                                                                                  SHA-256:BE942308D99CC954931FE6F48ED8CC7A57891CCBE99AAE728121BCDA1FD929AB
                                                                                                                                                                                                                                                  SHA-512:3DA405E4C1371F4B265E744229DCC149491A112A2B7EA8E518D5945F8C259CAD15583F25592B35EC8A344E43007AE00DA9673822635EE734D32664F65C9C8D9B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):133632
                                                                                                                                                                                                                                                  Entropy (8bit):5.851293297484796
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:bPwB2zC1vwC3XetCf5RlRVFhLaNKPRyymoh5Lm9b0e:bIB2zkvwGXetCfDlRVlPRy85Lm9
                                                                                                                                                                                                                                                  MD5:3A80FEA23A007B42CEF8E375FC73AD40
                                                                                                                                                                                                                                                  SHA1:04319F7552EA968E2421C3936C3A9EE6F9CF30B2
                                                                                                                                                                                                                                                  SHA-256:B70D69D25204381F19378E1BB35CC2B8C8430AA80A983F8D0E8E837050BB06EF
                                                                                                                                                                                                                                                  SHA-512:A63BED03F05396B967858902E922B2FBFB4CF517712F91CFAA096FF0539CF300D6B9C659FFEE6BF11C28E79E23115FD6B9C0B1AA95DB1CBD4843487F060CCF40
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):123904
                                                                                                                                                                                                                                                  Entropy (8bit):5.966619585818369
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:07jbPA0SD9S3vrCqf93qMHxCjdLZn1Ya:07jtS9SfuCRCjFV
                                                                                                                                                                                                                                                  MD5:47C91C74BB2C5CF696626AF04F3705AB
                                                                                                                                                                                                                                                  SHA1:C086BC2825969756169FAB7DD2E560D360E1E09C
                                                                                                                                                                                                                                                  SHA-256:F6EAD250FC2DE4330BD26079A44DED7F55172E05A70E28AD85D09E7881725155
                                                                                                                                                                                                                                                  SHA-512:E6B6A4425B3E30CEA7BF8B09971FA0C84D6317B1A37BC1518266DC8D72C166099A8FC40A9B985300901BD921E444FF438FD30B814C1F1C6A051DF3471615C2BD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):34816
                                                                                                                                                                                                                                                  Entropy (8bit):5.607776737873708
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:qTtWWcU+d47NgCuVuA7dBm7BZ1CHrWBGwm3ReuuR+F1igomqhPGZGQvD3+VC5pEa:qM47+YedBm0WBgIuuGigahAF7+m2Ca
                                                                                                                                                                                                                                                  MD5:1580EE4142FB1F90F00B9F5A3CA297EB
                                                                                                                                                                                                                                                  SHA1:BC730100B6E8C85F709BCFB4FD7A81FB91ABF7D1
                                                                                                                                                                                                                                                  SHA-256:BD3F16AFB19AF91B016AB3E9669CD845F70F7A4B7A2489A81F312F060B1FB020
                                                                                                                                                                                                                                                  SHA-512:692C4A0595B715B14A53B41DD192AFB3058A85530975C0CAC673F3D70A2AA31FA66762FC7F453739B35971559F33E6CB20C62FC13C79796E43FF14A8728A26A1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Entropy (8bit):7.997015048064936
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                                  • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                  File name:0jNz7djbpp.exe
                                                                                                                                                                                                                                                  File size:31'979'318 bytes
                                                                                                                                                                                                                                                  MD5:2bfda47c91a80443539fb763dc2b6027
                                                                                                                                                                                                                                                  SHA1:4ab34c3028dea6c636ed7ae2f94ec55cd8a78d55
                                                                                                                                                                                                                                                  SHA256:151e75f3ed3003b63ecbee13741e788b519db99c5253f32a041f501f28688111
                                                                                                                                                                                                                                                  SHA512:23443af6ceef03d2b131127e1c57a830e69cb2e9f03e0435d3bb0290b78dbdf90c307b752bb2b7d887ef3603448d2d211896aecbca2488f5c1f47fa6ff23b3de
                                                                                                                                                                                                                                                  SSDEEP:786432:ypb6HUTLJE1QtIJ2j6+s7LWB75zupmS3ILn6e1zeCQVH:DHUTdQiIJ2qHWB75ipmSGJ
                                                                                                                                                                                                                                                  TLSH:5467335AB35568B2E2DB423A923584AA26537CDC13B0CA5F43F932631BBF1738E35135
                                                                                                                                                                                                                                                  Icon Hash:0fd88dc89ea7861b
                                                                                                                                                                                                                                                  Entrypoint:0x14000c1f0
                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                  Time Stamp:0x65E7BB02 [Wed Mar 6 00:38:26 2024 UTC]
                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                                                                  OS Version Minor:2
                                                                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                                                                  File Version Minor:2
                                                                                                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                                                                                                  Subsystem Version Minor:2
                                                                                                                                                                                                                                                  Import Hash:1af6c885af093afc55142c2f1761dbe8
                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  sub esp, 28h
                                                                                                                                                                                                                                                  call 00007F23086C34BCh
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  add esp, 28h
                                                                                                                                                                                                                                                  jmp 00007F23086C30CFh
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  sub esp, 28h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3cdcc | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0x10e34 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x42000 | 0x22a4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x75c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a330 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3a1f0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x420 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29c90 | 0x29e00 | 62616acf257019688180f494b4eb78d4 | False | 0.5523087686567164 | data | 6.4831047330596565 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12bf4 | 0x12c00 | 4cbd6e497485cdcb2e7d153f20d4f2e7 | False | 0.5184375 | data | 5.834994210614785 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x3338 | 0xe00 | 99d84572872f2ce8d9bdbc2521e1966e | False | 0.1328125 | Matlab v4 mat-file (little endian) f\324\377\3772\242\337-\231+, text, rows 4294967295, columns 0 | 1.8271683819747706 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x42000 | 0x22a4 | 0x2400 | 39f0a7d8241a665fc55289b5f9977819 | False | 0.4720052083333333 | data | 5.316391891279308 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x45000 | 0x15c | 0x200 | 624222957a635749731104f8cdf6f9b7 | False | 0.38671875 | data | 2.83326547900447 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x46000 | 0x10e34 | 0x11000 | 2be902e1194d879622f139b94ca07301 | False | 0.15340647977941177 | data | 3.990049962265339 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x75c | 0x800 | 4138d4447f190c2657ec208ef31be551 | False | 0.5458984375 | data | 5.240127521097618 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x460e8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m | | | 0.14468236129184905
RT_GROUP_ICON | 0x56910 | 0x14 | data | | | 1.15
RT_MANIFEST | 0x56924 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 9, 2024 10:11:16.763633013 CET | 49705 | 443 | 192.168.2.5 | 34.224.200.202
Dec 9, 2024 10:11:16.763686895 CET | 443 | 49705 | 34.224.200.202 | 192.168.2.5
Dec 9, 2024 10:11:16.763783932 CET | 49705 | 443 | 192.168.2.5 | 34.224.200.202
Dec 9, 2024 10:11:18.882863045 CET | 49705 | 443 | 192.168.2.5 | 34.224.200.202
Dec 9, 2024 10:11:18.882893085 CET | 443 | 49705 | 34.224.200.202 | 192.168.2.5
Dec 9, 2024 10:11:20.618823051 CET | 443 | 49705 | 34.224.200.202 | 192.168.2.5
Dec 9, 2024 10:11:20.619719028 CET | 49705 | 443 | 192.168.2.5 | 34.224.200.202
Dec 9, 2024 10:11:20.619750977 CET | 443 | 49705 | 34.224.200.202 | 192.168.2.5
Dec 9, 2024 10:11:20.621193886 CET | 443 | 49705 | 34.224.200.202 | 192.168.2.5
Dec 9, 2024 10:11:20.621260881 CET | 49705 | 443 | 192.168.2.5 | 34.224.200.202
Dec 9, 2024 10:11:20.622651100 CET | 49705 | 443 | 192.168.2.5 | 34.224.200.202
Dec 9, 2024 10:11:20.622786045 CET | 49705 | 443 | 192.168.2.5 | 34.224.200.202
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 9, 2024 10:11:16.464874029 CET | 58018 | 53 | 192.168.2.5 | 1.1.1.1
Dec 9, 2024 10:11:16.758297920 CET | 53 | 58018 | 1.1.1.1 | 192.168.2.5
                                                                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                  Dec 9, 2024 10:11:16.464874029 CET192.168.2.51.1.1.10x532eStandard query (0)httpbin.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                  Dec 9, 2024 10:11:16.758297920 CET1.1.1.1192.168.2.50x532eNo error (0)httpbin.org34.224.200.202A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Dec 9, 2024 10:11:16.758297920 CET1.1.1.1192.168.2.50x532eNo error (0)httpbin.org44.196.3.45A (IP address)IN (0x0001)false


Target ID: 0
Start time: 04:11:09
Start date: 09/12/2024
Path: C:\Users\user\Desktop\0jNz7djbpp.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\0jNz7djbpp.exe"
Imagebase: 0x7ff73ec80000
File size: 31'979'318 bytes
MD5 hash: 2BFDA47C91A80443539FB763DC2B6027
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 04:11:13
Start date: 09/12/2024
Path: C:\Users\user\Desktop\0jNz7djbpp.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\0jNz7djbpp.exe"
Imagebase: 0x7ff73ec80000
File size: 31'979'318 bytes
MD5 hash: 2BFDA47C91A80443539FB763DC2B6027
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false


Execution Graph

Execution Coverage: 9.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 12.8%
Total number of Nodes: 2000
Total number of Limit Nodes: 31
7ff73ec9aa14 _fread_nolock 37 API calls 15639->15640 15655 7ff73ec82b50 15654->15655 15656 7ff73ec94ac4 49 API calls 15655->15656 15657 7ff73ec82b9b memcpy_s 15656->15657 15658 7ff73ec88ae0 57 API calls 15657->15658 15659 7ff73ec82bd0 15658->15659 15660 7ff73ec82c0d MessageBoxA 15659->15660 15661 7ff73ec82bd5 15659->15661 15663 7ff73ec82c27 15660->15663 15662 7ff73ec88ae0 57 API calls 15661->15662 15664 7ff73ec82bef MessageBoxW 15662->15664 15665 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 15663->15665 15664->15663 15666 7ff73ec82c37 15665->15666 15666->15407 15668 7ff73ec83fdc 15667->15668 15669 7ff73ec88ae0 57 API calls 15668->15669 15670 7ff73ec84007 15669->15670 15671 7ff73ec88ae0 57 API calls 15670->15671 15672 7ff73ec8401a 15671->15672 17418 7ff73ec964a8 15672->17418 15675 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 15676 7ff73ec83b0e 15675->15676 15676->15442 15677 7ff73ec882b0 15676->15677 15678 7ff73ec882d4 15677->15678 15679 7ff73ec90814 73 API calls 15678->15679 15684 7ff73ec883ab __vcrt_freefls 15678->15684 15680 7ff73ec882ee 15679->15680 15680->15684 17797 7ff73ec99070 15680->17797 15682 7ff73ec90814 73 API calls 15685 7ff73ec88303 15682->15685 15683 7ff73ec904dc _fread_nolock 53 API calls 15683->15685 15684->15447 15685->15682 15685->15683 15685->15684 15687 7ff73ec901bc 15686->15687 17812 7ff73ec8ff68 15687->17812 15689 7ff73ec901d5 15689->15442 15691 7ff73ec86aca 15690->15691 15692 7ff73ec86ab3 15690->15692 15691->15443 15692->15691 17823 7ff73ec815a0 15692->17823 15694 7ff73ec86ad4 15694->15691 15695 7ff73ec84050 49 API calls 15694->15695 15696 7ff73ec86b35 15695->15696 15697 7ff73ec82b30 59 API calls 15696->15697 15698 7ff73ec86ba5 memcpy_s __vcrt_freefls 15696->15698 15697->15691 15698->15443 15700 7ff73ec8660a memcpy_s 15699->15700 15701 7ff73ec8672f 15700->15701 15703 7ff73ec8674b 15700->15703 15707 7ff73ec84050 49 API calls 15700->15707 15708 7ff73ec86710 15700->15708 15716 7ff73ec81710 144 API calls 15700->15716 15717 7ff73ec86731 15700->15717 
17847 7ff73ec81950 15700->17847 15704 7ff73ec84050 49 API calls 15701->15704 15706 7ff73ec82b30 59 API calls 15703->15706 15705 7ff73ec867a8 15704->15705 15709 7ff73ec84050 49 API calls 15705->15709 15712 7ff73ec86741 __vcrt_freefls 15706->15712 15707->15700 15708->15701 15710 7ff73ec84050 49 API calls 15708->15710 15711 7ff73ec867d8 15709->15711 15710->15701 15715 7ff73ec84050 49 API calls 15711->15715 15713 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 15712->15713 15714 7ff73ec83c1a 15713->15714 15714->15455 15719 7ff73ec86570 15714->15719 15715->15712 15716->15700 15718 7ff73ec82b30 59 API calls 15717->15718 15718->15712 17851 7ff73ec88260 15719->17851 15721 7ff73ec8658c 15722 7ff73ec88260 58 API calls 15721->15722 15723 7ff73ec8659f 15722->15723 15724 7ff73ec865d5 15723->15724 15725 7ff73ec865b7 15723->15725 15726 7ff73ec82b30 59 API calls 15724->15726 17855 7ff73ec86ef0 GetProcAddress 15725->17855 15728 7ff73ec83c28 15726->15728 15728->15455 15728->15463 15730 7ff73ec86c54 15729->15730 15731 7ff73ec82b30 59 API calls 15730->15731 15734 7ff73ec86cca 15730->15734 15732 7ff73ec86cae 15731->15732 15733 7ff73ec86840 FreeLibrary 15732->15733 15733->15734 15734->15439 15736 7ff73ec86852 15735->15736 15739 7ff73ec8687d 15735->15739 15738 7ff73ec8693b 15736->15738 15736->15739 17914 7ff73ec88240 FreeLibrary 15736->17914 15738->15739 17915 7ff73ec88240 FreeLibrary 15738->17915 15739->15439 15742 7ff73ec81f15 15741->15742 15743 7ff73ec94ac4 49 API calls 15742->15743 15744 7ff73ec81f38 15743->15744 15744->15457 17916 7ff73ec85bc0 15745->17916 15748 7ff73ec834ad 15748->15468 15750 7ff73ec83484 15750->15748 17985 7ff73ec85920 15750->17985 15752 7ff73ec83490 15752->15748 17994 7ff73ec85a90 15752->17994 15812 7ff73ec8bc60 15793->15812 15796 7ff73ec82a29 15814 7ff73ec94ac4 15796->15814 15801 7ff73ec81ef0 49 API calls 15802 7ff73ec82a86 memcpy_s 15801->15802 15803 7ff73ec88ae0 54 API calls 15802->15803 15804 7ff73ec82abb 15803->15804 15805 7ff73ec82af8 MessageBoxA 15804->15805 
15806 7ff73ec82ac0 15804->15806 15808 7ff73ec82b12 15805->15808 15807 7ff73ec88ae0 54 API calls 15806->15807 15809 7ff73ec82ada MessageBoxW 15807->15809 15810 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 15808->15810 15809->15808 15811 7ff73ec82b22 15810->15811 15811->15530 15813 7ff73ec829fc GetLastError 15812->15813 15813->15796 15817 7ff73ec94b1e 15814->15817 15815 7ff73ec94b43 15818 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15815->15818 15816 7ff73ec94b7f 15844 7ff73ec92d50 15816->15844 15817->15815 15817->15816 15821 7ff73ec94b6d 15818->15821 15820 7ff73ec94c5c 15823 7ff73ec9af0c __free_lconv_num 11 API calls 15820->15823 15822 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 15821->15822 15825 7ff73ec82a57 15822->15825 15823->15821 15832 7ff73ec88560 15825->15832 15826 7ff73ec94c80 15826->15820 15828 7ff73ec94c8a 15826->15828 15827 7ff73ec94c31 15829 7ff73ec9af0c __free_lconv_num 11 API calls 15827->15829 15831 7ff73ec9af0c __free_lconv_num 11 API calls 15828->15831 15829->15821 15830 7ff73ec94c28 15830->15820 15830->15827 15831->15821 15833 7ff73ec8856c 15832->15833 15834 7ff73ec88587 GetLastError 15833->15834 15835 7ff73ec8858d FormatMessageW 15833->15835 15834->15835 15836 7ff73ec885c0 15835->15836 15837 7ff73ec885dc WideCharToMultiByte 15835->15837 15838 7ff73ec829e0 54 API calls 15836->15838 15839 7ff73ec885d3 15837->15839 15840 7ff73ec88616 15837->15840 15838->15839 15842 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 15839->15842 15841 7ff73ec829e0 54 API calls 15840->15841 15841->15839 15843 7ff73ec82a5e 15842->15843 15843->15801 15845 7ff73ec92d8e 15844->15845 15846 7ff73ec92d7e 15844->15846 15847 7ff73ec92d97 15845->15847 15852 7ff73ec92dc5 15845->15852 15849 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15846->15849 15850 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15847->15850 15848 7ff73ec92dbd 15848->15820 15848->15826 15848->15827 15848->15830 15849->15848 15850->15848 15852->15846 15852->15848 15854 7ff73ec93074 15852->15854 15858 
7ff73ec936e0 15852->15858 15884 7ff73ec933a8 15852->15884 15914 7ff73ec92c30 15852->15914 15917 7ff73ec94900 15852->15917 15856 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15854->15856 15856->15846 15859 7ff73ec93722 15858->15859 15860 7ff73ec93795 15858->15860 15861 7ff73ec937bf 15859->15861 15862 7ff73ec93728 15859->15862 15863 7ff73ec937ef 15860->15863 15864 7ff73ec9379a 15860->15864 15941 7ff73ec91c90 15861->15941 15870 7ff73ec9372d 15862->15870 15873 7ff73ec937fe 15862->15873 15863->15861 15863->15873 15879 7ff73ec93758 15863->15879 15865 7ff73ec937cf 15864->15865 15866 7ff73ec9379c 15864->15866 15948 7ff73ec91880 15865->15948 15867 7ff73ec9373d 15866->15867 15872 7ff73ec937ab 15866->15872 15883 7ff73ec9382d 15867->15883 15923 7ff73ec94044 15867->15923 15870->15867 15874 7ff73ec93770 15870->15874 15870->15879 15872->15861 15876 7ff73ec937b0 15872->15876 15873->15883 15955 7ff73ec920a0 15873->15955 15874->15883 15933 7ff73ec94500 15874->15933 15876->15883 15937 7ff73ec94698 15876->15937 15878 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 15881 7ff73ec93ac3 15878->15881 15879->15883 15962 7ff73ec9ee18 15879->15962 15881->15852 15883->15878 15885 7ff73ec933b3 15884->15885 15886 7ff73ec933c9 15884->15886 15888 7ff73ec93722 15885->15888 15889 7ff73ec93795 15885->15889 15903 7ff73ec93407 15885->15903 15887 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15886->15887 15886->15903 15887->15903 15890 7ff73ec937bf 15888->15890 15891 7ff73ec93728 15888->15891 15892 7ff73ec937ef 15889->15892 15893 7ff73ec9379a 15889->15893 15897 7ff73ec91c90 38 API calls 15890->15897 15900 7ff73ec9372d 15891->15900 15904 7ff73ec937fe 15891->15904 15892->15890 15892->15904 15912 7ff73ec93758 15892->15912 15894 7ff73ec937cf 15893->15894 15895 7ff73ec9379c 15893->15895 15898 7ff73ec91880 38 API calls 15894->15898 15896 7ff73ec9373d 15895->15896 15901 7ff73ec937ab 15895->15901 15899 7ff73ec94044 47 API calls 15896->15899 15913 7ff73ec9382d 15896->15913 15897->15912 15898->15912 
15899->15912 15900->15896 15902 7ff73ec93770 15900->15902 15900->15912 15901->15890 15906 7ff73ec937b0 15901->15906 15907 7ff73ec94500 47 API calls 15902->15907 15902->15913 15903->15852 15905 7ff73ec920a0 38 API calls 15904->15905 15904->15913 15905->15912 15909 7ff73ec94698 37 API calls 15906->15909 15906->15913 15907->15912 15908 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 15910 7ff73ec93ac3 15908->15910 15909->15912 15910->15852 15911 7ff73ec9ee18 47 API calls 15911->15912 15912->15911 15912->15913 15913->15908 16111 7ff73ec90e54 15914->16111 15918 7ff73ec94917 15917->15918 16128 7ff73ec9df78 15918->16128 15924 7ff73ec94066 15923->15924 15972 7ff73ec90cc0 15924->15972 15929 7ff73ec94900 45 API calls 15931 7ff73ec941a3 15929->15931 15930 7ff73ec94900 45 API calls 15932 7ff73ec9422c 15930->15932 15931->15930 15931->15931 15931->15932 15932->15879 15934 7ff73ec94580 15933->15934 15935 7ff73ec94518 15933->15935 15934->15879 15935->15934 15936 7ff73ec9ee18 47 API calls 15935->15936 15936->15934 15940 7ff73ec946b9 15937->15940 15938 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15939 7ff73ec946ea 15938->15939 15939->15879 15940->15938 15940->15939 15942 7ff73ec91cc3 15941->15942 15943 7ff73ec91cf2 15942->15943 15945 7ff73ec91daf 15942->15945 15944 7ff73ec90cc0 12 API calls 15943->15944 15947 7ff73ec91d2f 15943->15947 15944->15947 15946 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15945->15946 15946->15947 15947->15879 15950 7ff73ec918b3 15948->15950 15949 7ff73ec918e2 15951 7ff73ec90cc0 12 API calls 15949->15951 15954 7ff73ec9191f 15949->15954 15950->15949 15952 7ff73ec9199f 15950->15952 15951->15954 15953 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15952->15953 15953->15954 15954->15879 15958 7ff73ec920d3 15955->15958 15956 7ff73ec92102 15957 7ff73ec90cc0 12 API calls 15956->15957 15961 7ff73ec9213f 15956->15961 15957->15961 15958->15956 15959 7ff73ec921bf 15958->15959 15960 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15959->15960 
15960->15961 15961->15879 15963 7ff73ec9ee40 15962->15963 15964 7ff73ec9ee85 15963->15964 15965 7ff73ec94900 45 API calls 15963->15965 15966 7ff73ec9ee45 memcpy_s 15963->15966 15971 7ff73ec9ee6e memcpy_s 15963->15971 15964->15966 15964->15971 16108 7ff73eca04c8 15964->16108 15965->15964 15966->15879 15967 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15967->15966 15971->15966 15971->15967 15973 7ff73ec90cf7 15972->15973 15979 7ff73ec90ce6 15972->15979 15974 7ff73ec9dbbc _fread_nolock 12 API calls 15973->15974 15973->15979 15975 7ff73ec90d24 15974->15975 15976 7ff73ec90d38 15975->15976 15977 7ff73ec9af0c __free_lconv_num 11 API calls 15975->15977 15978 7ff73ec9af0c __free_lconv_num 11 API calls 15976->15978 15977->15976 15978->15979 15980 7ff73ec9eb30 15979->15980 15981 7ff73ec9eb80 15980->15981 15982 7ff73ec9eb4d 15980->15982 15981->15982 15984 7ff73ec9ebb2 15981->15984 15983 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 15982->15983 15992 7ff73ec94181 15983->15992 15988 7ff73ec9ecc5 15984->15988 15995 7ff73ec9ebfa 15984->15995 15985 7ff73ec9edb7 16035 7ff73ec9e01c 15985->16035 15986 7ff73ec9ed7d 16028 7ff73ec9e3b4 15986->16028 15988->15985 15988->15986 15989 7ff73ec9ed4c 15988->15989 15991 7ff73ec9ed0f 15988->15991 15994 7ff73ec9ed05 15988->15994 16021 7ff73ec9e694 15989->16021 16011 7ff73ec9e8c4 15991->16011 15992->15929 15992->15931 15994->15986 15997 7ff73ec9ed0a 15994->15997 15995->15992 16002 7ff73ec9aa3c 15995->16002 15997->15989 15997->15991 16000 7ff73ec9aec4 _wfindfirst32i64 17 API calls 16001 7ff73ec9ee14 16000->16001 16003 7ff73ec9aa53 16002->16003 16004 7ff73ec9aa49 16002->16004 16005 7ff73ec954c4 _get_daylight 11 API calls 16003->16005 16004->16003 16006 7ff73ec9aa6e 16004->16006 16010 7ff73ec9aa5a 16005->16010 16008 7ff73ec9aa66 16006->16008 16009 7ff73ec954c4 _get_daylight 11 API calls 16006->16009 16007 7ff73ec9aea4 _invalid_parameter_noinfo 37 API calls 16007->16008 16008->15992 16008->16000 16009->16010 16010->16007 16044 7ff73eca471c 
16011->16044 16015 7ff73ec9e96c 16016 7ff73ec9e9c1 16015->16016 16018 7ff73ec9e98c 16015->16018 16020 7ff73ec9e970 16015->16020 16097 7ff73ec9e4b0 16016->16097 16093 7ff73ec9e76c 16018->16093 16020->15992 16022 7ff73eca471c 38 API calls 16021->16022 16023 7ff73ec9e6de 16022->16023 16024 7ff73eca4164 37 API calls 16023->16024 16025 7ff73ec9e72e 16024->16025 16026 7ff73ec9e732 16025->16026 16027 7ff73ec9e76c 45 API calls 16025->16027 16026->15992 16027->16026 16029 7ff73eca471c 38 API calls 16028->16029 16030 7ff73ec9e3ff 16029->16030 16031 7ff73eca4164 37 API calls 16030->16031 16032 7ff73ec9e457 16031->16032 16033 7ff73ec9e45b 16032->16033 16034 7ff73ec9e4b0 45 API calls 16032->16034 16033->15992 16034->16033 16036 7ff73ec9e061 16035->16036 16037 7ff73ec9e094 16035->16037 16039 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 16036->16039 16038 7ff73ec9e0ac 16037->16038 16041 7ff73ec9e12d 16037->16041 16040 7ff73ec9e3b4 46 API calls 16038->16040 16043 7ff73ec9e08d memcpy_s 16039->16043 16040->16043 16042 7ff73ec94900 45 API calls 16041->16042 16041->16043 16042->16043 16043->15992 16045 7ff73eca476f fegetenv 16044->16045 16046 7ff73eca867c 37 API calls 16045->16046 16052 7ff73eca47c2 16046->16052 16047 7ff73eca47ef 16051 7ff73ec9aa3c __std_exception_copy 37 API calls 16047->16051 16048 7ff73eca48b2 16049 7ff73eca867c 37 API calls 16048->16049 16050 7ff73eca48dc 16049->16050 16055 7ff73eca867c 37 API calls 16050->16055 16056 7ff73eca486d 16051->16056 16052->16048 16053 7ff73eca47dd 16052->16053 16054 7ff73eca488c 16052->16054 16053->16047 16053->16048 16059 7ff73ec9aa3c __std_exception_copy 37 API calls 16054->16059 16057 7ff73eca48ed 16055->16057 16058 7ff73eca5994 16056->16058 16063 7ff73eca4875 16056->16063 16060 7ff73eca8870 20 API calls 16057->16060 16061 7ff73ec9aec4 _wfindfirst32i64 17 API calls 16058->16061 16059->16056 16071 7ff73eca4956 memcpy_s 16060->16071 16062 7ff73eca59a9 16061->16062 16064 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 16063->16064 
16065 7ff73ec9e911 16064->16065 16089 7ff73eca4164 16065->16089 16066 7ff73eca4cff memcpy_s 16067 7ff73eca503f 16068 7ff73eca4280 37 API calls 16067->16068 16075 7ff73eca5757 16068->16075 16069 7ff73eca4feb 16069->16067 16072 7ff73eca59ac memcpy_s 37 API calls 16069->16072 16070 7ff73eca4997 memcpy_s 16083 7ff73eca52db memcpy_s 16070->16083 16085 7ff73eca4df3 memcpy_s 16070->16085 16071->16066 16071->16070 16073 7ff73ec954c4 _get_daylight 11 API calls 16071->16073 16072->16067 16074 7ff73eca4dd0 16073->16074 16076 7ff73ec9aea4 _invalid_parameter_noinfo 37 API calls 16074->16076 16077 7ff73eca59ac memcpy_s 37 API calls 16075->16077 16082 7ff73eca57b2 16075->16082 16076->16070 16077->16082 16078 7ff73eca5938 16079 7ff73eca867c 37 API calls 16078->16079 16079->16063 16080 7ff73ec954c4 11 API calls _get_daylight 16080->16083 16081 7ff73ec954c4 11 API calls _get_daylight 16081->16085 16082->16078 16084 7ff73eca4280 37 API calls 16082->16084 16087 7ff73eca59ac memcpy_s 37 API calls 16082->16087 16083->16067 16083->16069 16083->16080 16088 7ff73ec9aea4 37 API calls _invalid_parameter_noinfo 16083->16088 16084->16082 16085->16069 16085->16081 16086 7ff73ec9aea4 37 API calls _invalid_parameter_noinfo 16085->16086 16086->16085 16087->16082 16088->16083 16090 7ff73eca4183 16089->16090 16091 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 16090->16091 16092 7ff73eca41ae memcpy_s 16090->16092 16091->16092 16092->16015 16094 7ff73ec9e798 memcpy_s 16093->16094 16095 7ff73ec94900 45 API calls 16094->16095 16096 7ff73ec9e852 memcpy_s 16094->16096 16095->16096 16096->16020 16098 7ff73ec9e4eb 16097->16098 16102 7ff73ec9e538 memcpy_s 16097->16102 16099 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 16098->16099 16100 7ff73ec9e517 16099->16100 16100->16020 16101 7ff73ec9e5a3 16103 7ff73ec9aa3c __std_exception_copy 37 API calls 16101->16103 16102->16101 16104 7ff73ec94900 45 API calls 16102->16104 16107 7ff73ec9e5e5 memcpy_s 16103->16107 16104->16101 16105 7ff73ec9aec4 
_wfindfirst32i64 17 API calls 16106 7ff73ec9e690 16105->16106 16107->16105 16109 7ff73eca04ec WideCharToMultiByte 16108->16109 16112 7ff73ec90e81 16111->16112 16113 7ff73ec90e93 16111->16113 16114 7ff73ec954c4 _get_daylight 11 API calls 16112->16114 16115 7ff73ec90ea0 16113->16115 16119 7ff73ec90edd 16113->16119 16116 7ff73ec90e86 16114->16116 16117 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 16115->16117 16118 7ff73ec9aea4 _invalid_parameter_noinfo 37 API calls 16116->16118 16123 7ff73ec90e91 16117->16123 16118->16123 16120 7ff73ec90f86 16119->16120 16121 7ff73ec954c4 _get_daylight 11 API calls 16119->16121 16122 7ff73ec954c4 _get_daylight 11 API calls 16120->16122 16120->16123 16124 7ff73ec90f7b 16121->16124 16125 7ff73ec91030 16122->16125 16123->15852 16126 7ff73ec9aea4 _invalid_parameter_noinfo 37 API calls 16124->16126 16127 7ff73ec9aea4 _invalid_parameter_noinfo 37 API calls 16125->16127 16126->16120 16127->16123 16129 7ff73ec9df91 16128->16129 16130 7ff73ec9493f 16128->16130 16129->16130 16136 7ff73eca3974 16129->16136 16132 7ff73ec9dfe4 16130->16132 16133 7ff73ec9494f 16132->16133 16134 7ff73ec9dffd 16132->16134 16133->15852 16134->16133 16180 7ff73eca2cc0 16134->16180 16148 7ff73ec9b710 GetLastError 16136->16148 16139 7ff73eca39ce 16139->16130 16149 7ff73ec9b751 FlsSetValue 16148->16149 16150 7ff73ec9b734 FlsGetValue 16148->16150 16152 7ff73ec9b763 16149->16152 16167 7ff73ec9b741 16149->16167 16151 7ff73ec9b74b 16150->16151 16150->16167 16151->16149 16154 7ff73ec9f158 _get_daylight 11 API calls 16152->16154 16153 7ff73ec9b7bd SetLastError 16156 7ff73ec9b7ca 16153->16156 16157 7ff73ec9b7dd 16153->16157 16155 7ff73ec9b772 16154->16155 16158 7ff73ec9b790 FlsSetValue 16155->16158 16159 7ff73ec9b780 FlsSetValue 16155->16159 16156->16139 16170 7ff73eca0cb8 EnterCriticalSection 16156->16170 16171 7ff73ec9aa9c 16157->16171 16162 7ff73ec9b79c FlsSetValue 16158->16162 16163 7ff73ec9b7ae 16158->16163 16161 7ff73ec9b789 16159->16161 16165 7ff73ec9af0c 
__free_lconv_num 11 API calls 16161->16165 16162->16161 16166 7ff73ec9b4b8 _get_daylight 11 API calls 16163->16166 16165->16167 16168 7ff73ec9b7b6 16166->16168 16167->16153 16169 7ff73ec9af0c __free_lconv_num 11 API calls 16168->16169 16169->16153 16172 7ff73eca3cc0 __CxxCallCatchBlock EnterCriticalSection LeaveCriticalSection 16171->16172 16174 7ff73ec9aaa5 16172->16174 16173 7ff73ec9aab4 16176 7ff73ec9aae7 __CxxCallCatchBlock 16173->16176 16177 7ff73ec9aabd IsProcessorFeaturePresent 16173->16177 16174->16173 16175 7ff73eca3d10 __CxxCallCatchBlock 44 API calls 16174->16175 16175->16173 16178 7ff73ec9aacc 16177->16178 16179 7ff73ec9abd8 _wfindfirst32i64 14 API calls 16178->16179 16179->16176 16181 7ff73ec9b710 __CxxCallCatchBlock 45 API calls 16180->16181 16182 7ff73eca2cc9 16181->16182 16190 7ff73ec9536c EnterCriticalSection 16183->16190 16192 7ff73ec828ac 16191->16192 16193 7ff73ec94ac4 49 API calls 16192->16193 16194 7ff73ec828fd 16193->16194 16195 7ff73ec954c4 _get_daylight 11 API calls 16194->16195 16196 7ff73ec82902 16195->16196 16210 7ff73ec954e4 16196->16210 16199 7ff73ec81ef0 49 API calls 16200 7ff73ec82931 memcpy_s 16199->16200 16201 7ff73ec88ae0 57 API calls 16200->16201 16202 7ff73ec82966 16201->16202 16203 7ff73ec8296b 16202->16203 16204 7ff73ec829a3 MessageBoxA 16202->16204 16205 7ff73ec88ae0 57 API calls 16203->16205 16206 7ff73ec829bd 16204->16206 16207 7ff73ec82985 MessageBoxW 16205->16207 16208 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 16206->16208 16207->16206 16209 7ff73ec829cd 16208->16209 16209->15540 16211 7ff73ec9b888 _get_daylight 11 API calls 16210->16211 16212 7ff73ec954fb 16211->16212 16213 7ff73ec9553b 16212->16213 16214 7ff73ec9f158 _get_daylight 11 API calls 16212->16214 16219 7ff73ec82909 16212->16219 16213->16219 16222 7ff73ec9f828 16213->16222 16215 7ff73ec95530 16214->16215 16216 7ff73ec9af0c __free_lconv_num 11 API calls 16215->16216 16216->16213 16219->16199 16220 7ff73ec9aec4 _wfindfirst32i64 17 API calls 16221 7ff73ec95580 
16220->16221 16225 7ff73ec9f845 16222->16225 16223 7ff73ec9f84a 16224 7ff73ec954c4 _get_daylight 11 API calls 16223->16224 16228 7ff73ec95561 16223->16228 16226 7ff73ec9f854 16224->16226 16225->16223 16225->16228 16229 7ff73ec9f894 16225->16229 16227 7ff73ec9aea4 _invalid_parameter_noinfo 37 API calls 16226->16227 16227->16228 16228->16219 16228->16220 16229->16228 16230 7ff73ec954c4 _get_daylight 11 API calls 16229->16230 16230->16226 16232 7ff73ec88c82 WideCharToMultiByte 16231->16232 16233 7ff73ec88c14 WideCharToMultiByte 16231->16233 16235 7ff73ec88caf 16232->16235 16241 7ff73ec83f25 16232->16241 16234 7ff73ec88c3e 16233->16234 16238 7ff73ec88c55 16233->16238 16236 7ff73ec829e0 57 API calls 16234->16236 16237 7ff73ec829e0 57 API calls 16235->16237 16236->16241 16237->16241 16238->16232 16239 7ff73ec88c6b 16238->16239 16240 7ff73ec829e0 57 API calls 16239->16240 16240->16241 16241->15549 16241->15551 16243 7ff73ec87bde 16242->16243 16244 7ff73ec9a9b3 16242->16244 16243->15567 16244->16243 16245 7ff73ec9aa3c __std_exception_copy 37 API calls 16244->16245 16246 7ff73ec9a9e0 16245->16246 16246->16243 16247 7ff73ec9aec4 _wfindfirst32i64 17 API calls 16246->16247 16248 7ff73ec9aa10 16247->16248 16250 7ff73ec83fd0 116 API calls 16249->16250 16251 7ff73ec81ad6 16250->16251 16252 7ff73ec882b0 83 API calls 16251->16252 16259 7ff73ec81c84 16251->16259 16254 7ff73ec81b0e 16252->16254 16253 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 16255 7ff73ec81c98 16253->16255 16281 7ff73ec81b3f 16254->16281 16288 7ff73ec90814 16254->16288 16255->15587 16282 7ff73ec83e40 16255->16282 16257 7ff73ec9018c 74 API calls 16257->16259 16258 7ff73ec81b28 16260 7ff73ec81b2c 16258->16260 16261 7ff73ec81b44 16258->16261 16259->16253 16262 7ff73ec82890 59 API calls 16260->16262 16292 7ff73ec904dc 16261->16292 16262->16281 16265 7ff73ec81b77 16267 7ff73ec90814 73 API calls 16265->16267 16266 7ff73ec81b5f 16268 7ff73ec82890 59 API calls 16266->16268 16269 7ff73ec81bc4 16267->16269 16268->16281 16270 
7ff73ec81bee 16269->16270 16271 7ff73ec81bd6 16269->16271 16273 7ff73ec904dc _fread_nolock 53 API calls 16270->16273 16272 7ff73ec82890 59 API calls 16271->16272 16272->16281 16274 7ff73ec81c03 16273->16274 16275 7ff73ec81c1e 16274->16275 16276 7ff73ec81c09 16274->16276 16295 7ff73ec90250 16275->16295 16277 7ff73ec82890 59 API calls 16276->16277 16277->16281 16280 7ff73ec82b30 59 API calls 16280->16281 16281->16257 16283 7ff73ec81ef0 49 API calls 16282->16283 16284 7ff73ec83e5d 16283->16284 16284->15586 16286 7ff73ec81ef0 49 API calls 16285->16286 16287 7ff73ec84080 16286->16287 16287->15587 16289 7ff73ec90844 16288->16289 16301 7ff73ec905a4 16289->16301 16291 7ff73ec9085d 16291->16258 16313 7ff73ec904fc 16292->16313 16296 7ff73ec90259 16295->16296 16300 7ff73ec81c32 16295->16300 16297 7ff73ec954c4 _get_daylight 11 API calls 16296->16297 16298 7ff73ec9025e 16297->16298 16299 7ff73ec9aea4 _invalid_parameter_noinfo 37 API calls 16298->16299 16299->16300 16300->16280 16300->16281 16302 7ff73ec9060e 16301->16302 16303 7ff73ec905ce 16301->16303 16302->16303 16305 7ff73ec9061a 16302->16305 16304 7ff73ec9add8 _invalid_parameter_noinfo 37 API calls 16303->16304 16307 7ff73ec905f5 16304->16307 16312 7ff73ec9536c EnterCriticalSection 16305->16312 16307->16291 16314 7ff73ec81b59 16313->16314 16315 7ff73ec90526 16313->16315 16314->16265 16314->16266 16315->16314 16316 7ff73ec90572 16315->16316 16317 7ff73ec90535 memcpy_s 16315->16317 16326 7ff73ec9536c EnterCriticalSection 16316->16326 16319 7ff73ec954c4 _get_daylight 11 API calls 16317->16319 16321 7ff73ec9054a 16319->16321 16323 7ff73ec9aea4 _invalid_parameter_noinfo 37 API calls 16321->16323 16323->16314 16328 7ff73ec87966 16327->16328 16329 7ff73ec879dd GetTempPathW 16328->16329 16330 7ff73ec8798a 16328->16330 16331 7ff73ec879f2 16329->16331 16332 7ff73ec87b60 61 API calls 16330->16332 16366 7ff73ec82830 16331->16366 16333 7ff73ec87996 16332->16333 16390 7ff73ec87420 16333->16390 16339 7ff73ec879bc __vcrt_freefls 
16339->16329 16345 7ff73ec879ca 16339->16345 16340 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 16341 7ff73ec8154f 16340->16341 16341->15593 16341->15597 16343 7ff73ec87ab6 16347 7ff73ec88bf0 59 API calls 16343->16347 16344 7ff73ec87a0b __vcrt_freefls 16344->16343 16349 7ff73ec87a41 16344->16349 16370 7ff73ec98aa4 16344->16370 16373 7ff73ec88950 16344->16373 16346 7ff73ec82b30 59 API calls 16345->16346 16348 7ff73ec879d6 16346->16348 16351 7ff73ec87ac7 __vcrt_freefls 16347->16351 16365 7ff73ec87a7a __vcrt_freefls 16348->16365 16350 7ff73ec88ae0 57 API calls 16349->16350 16349->16365 16352 7ff73ec87a57 16350->16352 16353 7ff73ec88ae0 57 API calls 16351->16353 16351->16365 16354 7ff73ec87a5c 16352->16354 16355 7ff73ec87a99 SetEnvironmentVariableW 16352->16355 16356 7ff73ec87ae5 16353->16356 16357 7ff73ec88ae0 57 API calls 16354->16357 16355->16365 16358 7ff73ec87b1d SetEnvironmentVariableW 16356->16358 16359 7ff73ec87aea 16356->16359 16360 7ff73ec87a6c 16357->16360 16358->16365 16361 7ff73ec88ae0 57 API calls 16359->16361 16363 7ff73ec97dec 38 API calls 16360->16363 16362 7ff73ec87afa 16361->16362 16364 7ff73ec97dec 38 API calls 16362->16364 16363->16365 16364->16365 16365->16340 16367 7ff73ec82855 16366->16367 16424 7ff73ec94d18 16367->16424 16618 7ff73ec986d0 16370->16618 16374 7ff73ec8bc60 16373->16374 16375 7ff73ec88960 GetCurrentProcess OpenProcessToken 16374->16375 16376 7ff73ec889ab GetTokenInformation 16375->16376 16377 7ff73ec88a21 __vcrt_freefls 16375->16377 16378 7ff73ec889d8 16376->16378 16379 7ff73ec889cd GetLastError 16376->16379 16380 7ff73ec88a34 CloseHandle 16377->16380 16381 7ff73ec88a3a 16377->16381 16378->16377 16382 7ff73ec889ee GetTokenInformation 16378->16382 16379->16377 16379->16378 16380->16381 16749 7ff73ec88650 16381->16749 16382->16377 16384 7ff73ec88a14 ConvertSidToStringSidW 16382->16384 16384->16377 16386 7ff73ec88a96 CreateDirectoryW 16387 7ff73ec88aae 16386->16387 16388 7ff73ec8bcc0 _wfindfirst32i64 8 API calls 16387->16388 16389 

Control-flow Graph

• Executed
• Not Executed
APIs
• _get_daylight.LIBCMT ref: 00007FF73ECA63B5
  • Part of subcall function 00007FF73ECA5D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73ECA5D1C
  • Part of subcall function 00007FF73EC9AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF73ECA3392,?,?,?,00007FF73ECA33CF,?,?,00000000,00007FF73ECA3895,?,?,00000000,00007FF73ECA37C7), ref: 00007FF73EC9AF22
  • Part of subcall function 00007FF73EC9AF0C: GetLastError.KERNEL32(?,?,?,00007FF73ECA3392,?,?,?,00007FF73ECA33CF,?,?,00000000,00007FF73ECA3895,?,?,00000000,00007FF73ECA37C7), ref: 00007FF73EC9AF2C
  • Part of subcall function 00007FF73EC9AEC4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF73EC9AEA3,?,?,?,?,?,00007FF73EC930CC), ref: 00007FF73EC9AECD
  • Part of subcall function 00007FF73EC9AEC4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF73EC9AEA3,?,?,?,?,?,00007FF73EC930CC), ref: 00007FF73EC9AEF2
• _get_daylight.LIBCMT ref: 00007FF73ECA63A4
  • Part of subcall function 00007FF73ECA5D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73ECA5D7C
• _get_daylight.LIBCMT ref: 00007FF73ECA661A
• _get_daylight.LIBCMT ref: 00007FF73ECA662B
• _get_daylight.LIBCMT ref: 00007FF73ECA663C
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF73ECA687C), ref: 00007FF73ECA6663
Strings
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
• Instruction ID: 935ac6b524926e9469eda33b721f6b09f06230603dc28712e6b8aeab334e5e07
• Opcode Fuzzy Hash: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
• Instruction Fuzzy Hash: BAD1C176E08202A6EB20FF22D8505BDB761EF44784FC08535EA4D43686DF3CE44AE360

Control-flow Graph

• Executed
• Not Executed
APIs
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
• Instruction ID: a711e2c4ad0592762789e1f4675be02bff0997d3157d713810d89639dc17cb67
• Opcode Fuzzy Hash: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
• Instruction Fuzzy Hash: A5C1E233B24A4295EB10EF68C4902AC7761FB48BA8B811735DE2E5B7D5DF38D45AD320

Control-flow Graph

APIs
• GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF73EC8154F), ref: 00007FF73EC879E7
  • Part of subcall function 00007FF73EC87B60: GetEnvironmentVariableW.KERNEL32(00007FF73EC83A1F), ref: 00007FF73EC87B9A
  • Part of subcall function 00007FF73EC87B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF73EC87BB7
  • Part of subcall function 00007FF73EC97DEC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73EC97E05
• SetEnvironmentVariableW.KERNEL32 ref: 00007FF73EC87AA1
  • Part of subcall function 00007FF73EC82B30: MessageBoxW.USER32 ref: 00007FF73EC82C05
Strings
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
Similarity
• API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
• String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
• API String ID: 3752271684-1116378104
• Opcode ID: a027e6aea258c43f07e2bc9a46543fc38ad0f37717e376dcca62c7854c850c7b
• Instruction ID: bf302a976906479a0b977f5e1bf0fe6f295039ea76e593ad2c8d5c036d6ea732
• Opcode Fuzzy Hash: a027e6aea258c43f07e2bc9a46543fc38ad0f37717e376dcca62c7854c850c7b
• Instruction Fuzzy Hash: 7C51A321B0925361FD14B762AA652FED2916F88BC0FC45431FD0E8B796FE2CE409A320

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF73ECA661A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73ECA5D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73ECA5D7C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF73ECA662B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73ECA5D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73ECA5D1C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF73ECA663C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73ECA5D38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73ECA5D4C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC9AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF73ECA3392,?,?,?,00007FF73ECA33CF,?,?,00000000,00007FF73ECA3895,?,?,00000000,00007FF73ECA37C7), ref: 00007FF73EC9AF22
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC9AF0C: GetLastError.KERNEL32(?,?,?,00007FF73ECA3392,?,?,?,00007FF73ECA33CF,?,?,00000000,00007FF73ECA3895,?,?,00000000,00007FF73ECA37C7), ref: 00007FF73EC9AF2C
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF73ECA687C), ref: 00007FF73ECA6663
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                    • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                                    • Opcode ID: d89d275585cbbb59bda8e874ee0f2677ffedd79ad2d8aa11b56fbb7743459a01
                                                                                                                                                                                                                                                    • Instruction ID: f60d58e12df7bc5fdec6f73a0e26969b8ddd3ac5a3e7d2519eb6e84b8f6ddddf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d89d275585cbbb59bda8e874ee0f2677ffedd79ad2d8aa11b56fbb7743459a01
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E519F36A18642A6E710FF22E8905BDF760FF48784FC09535EA4D83696DF3CE449A760

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
                                                                                                                                                                                                                                                    • API String ID: 2030045667-3833288071
                                                                                                                                                                                                                                                    • Opcode ID: 9700799d37cb7dd7bdb1138c0e4ea7450ce332dd9a9464b6d3ee4ba8ff5c532e
                                                                                                                                                                                                                                                    • Instruction ID: 20300a189e09310fa88972c52a5446f01e1bb7f3eb55a6b6e1937294b6000325
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9700799d37cb7dd7bdb1138c0e4ea7450ce332dd9a9464b6d3ee4ba8ff5c532e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C451CE61B18642A2EA14BB25E9512BDE3E0BF44B94FC40431EE4D47696EF3CE64CE320

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(0000000100000001,00007FF73EC8414C,00007FF73EC87911,?,00007FF73EC87D26,?,00007FF73EC81785), ref: 00007FF73EC88990
                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(?,00007FF73EC87D26,?,00007FF73EC81785), ref: 00007FF73EC889A1
                                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(?,00007FF73EC87D26,?,00007FF73EC81785), ref: 00007FF73EC889C3
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF73EC87D26,?,00007FF73EC81785), ref: 00007FF73EC889CD
                                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(?,00007FF73EC87D26,?,00007FF73EC81785), ref: 00007FF73EC88A0A
                                                                                                                                                                                                                                                    • ConvertSidToStringSidW.ADVAPI32 ref: 00007FF73EC88A1C
                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?,00007FF73EC87D26,?,00007FF73EC81785), ref: 00007FF73EC88A34
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF73EC87D26,?,00007FF73EC81785), ref: 00007FF73EC88A66
                                                                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00007FF73EC88A8D
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00007FF73EC87D26,?,00007FF73EC81785), ref: 00007FF73EC88A9E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                                                    • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                                                    • API String ID: 4998090-2855260032
                                                                                                                                                                                                                                                    • Opcode ID: 9d301874694f13eee612efc427f36135b77fc192910b60788b949b6aa4b4f411
                                                                                                                                                                                                                                                    • Instruction ID: 29848dc743efc61978f492047c9384744b115eac176160cd8cce55ef1efeeb6d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d301874694f13eee612efc427f36135b77fc192910b60788b949b6aa4b4f411
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B41A03261868692EB20AF60F4446EEA360FB84794FC41631EA6E47AD5DF3CE40CD720

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _fread_nolock$Message
                                                                                                                                                                                                                                                    • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 677216364-1384898525
                                                                                                                                                                                                                                                    • Opcode ID: 48a3cce56fb1c2fc23d90f4305464d624e8c6f88618c1eec2050cdc37cf09a3d
                                                                                                                                                                                                                                                    • Instruction ID: f77c8b645d84fb377ddcc093644d2861256a5bc46b177ba223e1434ec123bc60
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 48a3cce56fb1c2fc23d90f4305464d624e8c6f88618c1eec2050cdc37cf09a3d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A51B172B09602A6EB14EF28E54417CB3E0EF48B84F918535E90C87795DF7CE848D764

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                                    • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                                                    • API String ID: 2895956056-3524285272
                                                                                                                                                                                                                                                    • Opcode ID: 43f1d35e7fbf24803adac071d2ce953c020152e2d40e2e5a1956faa0815d12d1
                                                                                                                                                                                                                                                    • Instruction ID: 6621149d73f475e0773f65810a349a59e53915ddbc441f9dbc96de8d7d65eb46
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43f1d35e7fbf24803adac071d2ce953c020152e2d40e2e5a1956faa0815d12d1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83415732A08B8292DA20AB64F5552AEF360FF94364F900735E6AD47BD5DF7CD058DB10

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC83EC0: GetModuleFileNameW.KERNEL32(?,00007FF73EC839EA), ref: 00007FF73EC83EF1
                                                                                                                                                                                                                                                    • SetDllDirectoryW.KERNEL32 ref: 00007FF73EC83BE9
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC87B60: GetEnvironmentVariableW.KERNEL32(00007FF73EC83A1F), ref: 00007FF73EC87B9A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC87B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF73EC87BB7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                                                    • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                                                    • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                                                    • Opcode ID: 961709e27c457eb7e7d62568ba5cf74f7b3efaffa6cfd352c1cb815f9f4d264f
                                                                                                                                                                                                                                                    • Instruction ID: 2562d6dc5d684b36b54a86feffbc5cb11e687b9aab9d89735f04ca6bf1cdc901
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 961709e27c457eb7e7d62568ba5cf74f7b3efaffa6cfd352c1cb815f9f4d264f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0FB1B221B2C68761EA25BB25DA502FDE390BF44784FC01131EA4D47696EF2CF51DE720

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                    • API String ID: 2030045667-1655038675
                                                                                                                                                                                                                                                    • Opcode ID: 88534f2458b0e3989dbead5018ec6a961dab2d1cdbb689051e36372a7615677e
                                                                                                                                                                                                                                                    • Instruction ID: 0a2cdcd5574bcceb76bd50ee6ad88638728b9891e9a76b98b9d4143432eaff42
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88534f2458b0e3989dbead5018ec6a961dab2d1cdbb689051e36372a7615677e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4351C222A09A82A5EA64BB51E5403BEE3D0FF84794FC44131ED4D87795EF3CE949E720

Control-flow Graph
APIs
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
• Instruction ID: 462884fb159993a80201f46bf36585164b2d2fba6f2190dbbe492b9eaf0259df
• Opcode Fuzzy Hash: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
• Instruction Fuzzy Hash: C2C1C422A0CB86A1EA50AB5594406BDB754FF96B80FD50135F94D07792EF7CE84DA320

Control-flow Graph
APIs
• GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF73EC9D50B), ref: 00007FF73EC9D63C
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF73EC9D50B), ref: 00007FF73EC9D6C7
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
Similarity
• API ID: ConsoleErrorLastMode
• String ID:
• API String ID: 953036326-0
• Opcode ID: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
• Instruction ID: a828e56f8647921b44a183d68e1ea037d44a910ff76159ae0de8258567345c26
• Opcode Fuzzy Hash: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
• Instruction Fuzzy Hash: A6910972F18651E5F750EF6994502BDAFA0BB40B88F944139EE0E67685EF3CD489E320

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
Similarity
• API ID: _get_daylight$_isindst
• String ID:
• API String ID: 4170891091-0
• Opcode ID: 576313037ba361094b23b779854add166a997b8059c5947e2a7d8f77b38f16ad
• Instruction ID: 74f9a55ab75c2bf4581d6cec0b2fcc8dab748aff1ae5f19ce80438fe48ef6d81
• Opcode Fuzzy Hash: 576313037ba361094b23b779854add166a997b8059c5947e2a7d8f77b38f16ad
• Instruction Fuzzy Hash: 9351F772F04152AAFB24EF34D9556BCB7A1AB00358F904135FD1E62BE6EB38A409D720

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1452418845-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF73EC95911), ref: 00007FF73EC95A2F
                                                                                                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF73EC95911), ref: 00007FF73EC95A45
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1707611234-0
                                                                                                                                                                                                                                                    • Opcode ID: 01955a0fff7c8d04301666730a5fae84f6474b835d1eccbedadb07c42297a861
                                                                                                                                                                                                                                                    • Instruction ID: 97904b17133fc21e2e260ab6c8f5f26844e1bdaa2abada730ddb623cd09d200a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 01955a0fff7c8d04301666730a5fae84f6474b835d1eccbedadb07c42297a861
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9211E33260C64291EB54AB01A44103EF7B0FB85760F900235FB9D899E8EF3CD018EB20
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF73ECA3392,?,?,?,00007FF73ECA33CF,?,?,00000000,00007FF73ECA3895,?,?,00000000,00007FF73ECA37C7), ref: 00007FF73EC9AF22
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF73ECA3392,?,?,?,00007FF73ECA33CF,?,?,00000000,00007FF73ECA3895,?,?,00000000,00007FF73ECA37C7), ref: 00007FF73EC9AF2C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                    • Opcode ID: bfb090b2684f97747e4e2589e7b79ee9627266c2664004addae3296ee4c2c8e2
                                                                                                                                                                                                                                                    • Instruction ID: 1094ae57cb618c96ff2f7fe738b689f6f5183765799ed75160b83a0b9a457acf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bfb090b2684f97747e4e2589e7b79ee9627266c2664004addae3296ee4c2c8e2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20E0C290F0960276FF58BBF2984907D92919F88B01FC04834EC0E87393FE2C689D6230
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF73EC9AF99,?,?,00000000,00007FF73EC9B04E), ref: 00007FF73EC9B18A
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF73EC9AF99,?,?,00000000,00007FF73EC9B04E), ref: 00007FF73EC9B194
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                                                    • Opcode ID: b40b4e21971f44bf7084fa7db8f9dedbad63d491ac625d0e9d3072d74158efd6
                                                                                                                                                                                                                                                    • Instruction ID: 89af4eb29cb6917fd74d3a184c4b68fe93192a493e7d3364cc26e54e3a2a74cf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b40b4e21971f44bf7084fa7db8f9dedbad63d491ac625d0e9d3072d74158efd6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D21EB21F1868271FE90B764A4553BD92826F84BE0FC44235FA5E477D1EE6CE44DA321
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 491d756dfbf5d606f7e783a7bab36e7eaa3001c20d525fc7b9da7dd63869e3d6
                                                                                                                                                                                                                                                    • Instruction ID: f5feb4aad33a48c216fa4a6981f58fa7eebeec87ccc0cfe18eb581b404fd18e1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 491d756dfbf5d606f7e783a7bab36e7eaa3001c20d525fc7b9da7dd63869e3d6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E41DA72908241A7EA34EB29E54067DB7A0EB56B41F900131FA8D477D1DF3CE806E771
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                                                                                                                                    • Opcode ID: f38816a1396df6c3fe935ea55d49c1b180c6beea1b2607ef6d81d6429394b577
                                                                                                                                                                                                                                                    • Instruction ID: 4cca069e5a90d8742091936cbee6148c0267c1f3a4ac3c902b95106c23d643a0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f38816a1396df6c3fe935ea55d49c1b180c6beea1b2607ef6d81d6429394b577
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6321A122B0869266FB50BA126A047FEE651BF55FD4FCC5430EE0D07B86DE3CE449E624
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 33c1c355f770a45dc32ec47b5556db51f5a056321d098f55ce731dda09118c74
                                                                                                                                                                                                                                                    • Instruction ID: 48a51a8904bb685aecade054e82ac8860a7862d0c64a9a8413f69a12281c1877
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33c1c355f770a45dc32ec47b5556db51f5a056321d098f55ce731dda09118c74
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B31A126A18642A5FB41BB5588413BCA650AF80BA2FC10135FE1D073D3EF7CE44AA735
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: c06f943cf2cfad6cae40bb945918742757c954c3eb67e691afc5a150f41a7f23
                                                                                                                                                                                                                                                    • Instruction ID: c3b91505a8e6720d2d5c53f0b37a838a3038b82c6ab1c6da231a21d4cf67fa13
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c06f943cf2cfad6cae40bb945918742757c954c3eb67e691afc5a150f41a7f23
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80115E22A1C68591EE60FF91940127EE2A4BF85B84F844431FE8D47AC6EF7CD544B764
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: c0ad99c40d53020ccb328d164a39266f2dfd48b33636b9c7a3122610519525da
                                                                                                                                                                                                                                                    • Instruction ID: a73b8974eafc4549c3a15d63eb301f721ef48df8dcb0910861cfa09f7bfcd15a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0ad99c40d53020ccb328d164a39266f2dfd48b33636b9c7a3122610519525da
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF21D432A18A4597DB60AF18E4403BDB3A0FB84B98F944634EA5D476DADF3CD409DB10
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: e4e6805aeaf9884a68cba76bd798531beecc2a98c7129b287afec428eebc8cdc
                                                                                                                                                                                                                                                    • Instruction ID: ebdec45de4f41f07211785dfd3bb1378bad6fedbc7b0d4183261203bc65b7fb9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4e6805aeaf9884a68cba76bd798531beecc2a98c7129b287afec428eebc8cdc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B501C461A0874151EA04FB66990126DE795BF85FE0F884630FE6C97BD6EE3CE405A324
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF73EC9B9A6,?,?,?,00007FF73EC9AB67,?,?,00000000,00007FF73EC9AE02), ref: 00007FF73EC9F1AD
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                    • Opcode ID: 3903a8e07e771c3ce20f22a7cfda351bfc6825da59dd5d1b3ed6874a84ef80bd
                                                                                                                                                                                                                                                    • Instruction ID: 400843165b7115ea3deda4046bb06519b63f20295dd2a7a3f59e2474825e301d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3903a8e07e771c3ce20f22a7cfda351bfc6825da59dd5d1b3ed6874a84ef80bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3F06D55B09286A1FE947662D9202BDC2915F88B50FCC4430FD0E963D2FE1CE489A2B0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF73EC90D24,?,?,?,00007FF73EC92236,?,?,?,?,?,00007FF73EC93829), ref: 00007FF73EC9DBFA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                    • Opcode ID: 4a58605cc4c1e1369a1067e1172dc77d995423b1642967883a658540b08b4ee9
                                                                                                                                                                                                                                                    • Instruction ID: f08d0da74c6532a7899a2c5539db6d8d7cb8de99a145f238f0626a00172adf6c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a58605cc4c1e1369a1067e1172dc77d995423b1642967883a658540b08b4ee9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ECF0FE55B0D247E5FE547662992127DD6905F44764F884730FD2E962C2EE5CA488A130
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                                                                                                    • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                    • API String ID: 190572456-2208601799
                                                                                                                                                                                                                                                    • Opcode ID: 7c721144a29f82c0df2178d2ac20e82e85a8926ad6b3cde14d1131664071774a
                                                                                                                                                                                                                                                    • Instruction ID: 523ba88adce863668715ce4ddad33c30606fe8ecb75c1a8b5c98ed7067a0dc83
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c721144a29f82c0df2178d2ac20e82e85a8926ad6b3cde14d1131664071774a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FE1C364A1DB07F0FA59BB04A9601BCEBA1AF05744FC45835D85E463A4EF7CF94CA320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                                                    • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                                                    • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                                                    • Opcode ID: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
                                                                                                                                                                                                                                                    • Instruction ID: 963a94bbe301d8d5d92eea96929701f4f80bb91313fb4d406ad2fe359fb6d0fb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9A19A76218B85A7E3149F61E45479EB770F788B84F904529EB9D03B24CF3DE168CB10
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                    • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                    • Opcode ID: 462ebf29a53f9f8e0898a565754c8078d18c0a01f6b8af8c35fed8b76f3e05ac
                                                                                                                                                                                                                                                    • Instruction ID: a4db505fbebe3930b4146a083e60ef3b68ac5f34e5efa75a72d7ba6f28fd5200
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 462ebf29a53f9f8e0898a565754c8078d18c0a01f6b8af8c35fed8b76f3e05ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FB22372E182829BEB64DF64D440BFDB7B1FB44388F805935DA0D57A89DB38E908DB50
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00007FF73EC82A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF73EC8101D), ref: 00007FF73EC88587
                                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32 ref: 00007FF73EC885B6
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32 ref: 00007FF73EC8860C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC829E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF73EC887F2,?,?,?,?,?,?,?,?,?,?,?,00007FF73EC8101D), ref: 00007FF73EC82A14
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC829E0: MessageBoxW.USER32 ref: 00007FF73EC82AF0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                                                    • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                                                    • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                                                    • Opcode ID: 6472fed7a38855fe53d018715946baf175a16c93e2266fbaa2446d02f1e91665
                                                                                                                                                                                                                                                    • Instruction ID: 2885824df1d5ff4635475cedd586e3d53db30c3d6474d629d63eac1d8e15471d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6472fed7a38855fe53d018715946baf175a16c93e2266fbaa2446d02f1e91665
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89215071A1CA43A1F724AB15F8542AEA7A1FF88388FC40535E64D836A4DF7CE54DE720
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3140674995-0
                                                                                                                                                                                                                                                    • Opcode ID: 2f0e84db8cb7341a902ef28a41a93ef6eb2637ed36960dc0fb1294147411c1b9
                                                                                                                                                                                                                                                    • Instruction ID: 609c15e7960bab9eccd790d5e26d3eff67da14af290c6464a92bc94247654371
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f0e84db8cb7341a902ef28a41a93ef6eb2637ed36960dc0fb1294147411c1b9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03315072618B8196EB60AF60E8507EDB3A4FB84744F84443ADB4D47B94DF38D64CD724
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                                                                                                                                    • Opcode ID: 4ac1c30ff9e2098ff7eaac683efdfbba3e64979dbffe5e0d25534f02cf004e64
                                                                                                                                                                                                                                                    • Instruction ID: 7dab62f9660a4bd5aeb4ceb72ed9fb02900a1768babda7cbeb051cb49eb817b3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ac1c30ff9e2098ff7eaac683efdfbba3e64979dbffe5e0d25534f02cf004e64
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B31A232618F8196DB60DF25E8403AEB3A4FB89794F900136EA9D43B98DF3CD549CB10
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                                                                                                                                    • Opcode ID: e601e72e586d0b4de4a5ebf73eb2eb015632a136167348e3e84c4a74a70f75b2
                                                                                                                                                                                                                                                    • Instruction ID: 0e44cfc406c1d9d7a70fd5f390a9dec9773dde1862a0e0fab4668151566dd438
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e601e72e586d0b4de4a5ebf73eb2eb015632a136167348e3e84c4a74a70f75b2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0BB1F762B186A251EB64EB22E8001BDE391EB44BE4F844531FE5E07BC5DF3CE859E310
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memcpy_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1502251526-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 15204871-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: $
                                                                                                                                                                                                                                                    • API String ID: 0-227171996
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: e+000$gfff
                                                                                                                                                                                                                                                    • API String ID: 0-3030954782
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1010374628-0
                                                                                                                                                                                                                                                    • Opcode ID: 4b7c577155937df3467bd9cdd4550942c9176b8fc8785c5dc3f7c97a7b0e1b3f
                                                                                                                                                                                                                                                    • Instruction ID: 55657795ff585a792a7e4bff4647a50a9e40e1bf852bc374fa065ff1dad232ff
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b7c577155937df3467bd9cdd4550942c9176b8fc8785c5dc3f7c97a7b0e1b3f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C202C2A1B0D753A0FB51BB22940127DE694AF41BA0FC44A35ED6E477D2EE3CE449A330
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: gfffffff
                                                                                                                                                                                                                                                    • API String ID: 0-1523873471
                                                                                                                                                                                                                                                    • Opcode ID: da57d4f04fe3a59080078ae7a8b70c1646e0beb0550e210eb96496c016bfbe06
                                                                                                                                                                                                                                                    • Instruction ID: 798465ff6e4a0b18b7cdb30f7a621b589c1e9e3e85c89282834888a6a914f65a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da57d4f04fe3a59080078ae7a8b70c1646e0beb0550e210eb96496c016bfbe06
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30A14773A087C59AEB21DB25E400BADBBD1AB60B84F448131EE8D47782EE3DE509D711
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: TMP
                                                                                                                                                                                                                                                    • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                                    • Opcode ID: cf0abd2c7e4acdbc7dd987358b9028f2a59d8daca936b72b1b12d96a797a3aac
                                                                                                                                                                                                                                                    • Instruction ID: 7a1e1e2d19dc054c81c99bdfaaaf4fd04d94c42e7baad5b012beeced26371dbc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf0abd2c7e4acdbc7dd987358b9028f2a59d8daca936b72b1b12d96a797a3aac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6251A016F0875261FA68BA2699111BED291BF44BC4FC84534FE0E47796FF3CE40AA224
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                                                                                                                    • Opcode ID: 2a498131316ba0cf2da72d1126b97be92acaa4b08e35d008cc1bd8d186f782f7
                                                                                                                                                                                                                                                    • Instruction ID: a5ce8c680bafa6f22463d8cdb01f2719e3e9c67c9153342d64877501a080e099
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a498131316ba0cf2da72d1126b97be92acaa4b08e35d008cc1bd8d186f782f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23B01220F1BB46D2EB483B926C8621C62B47F48B00FD44038D24C41330DE3C25FE6720
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 208e6a978d65b3df04c2d2163cfe11b9ca3e791e60348233d6b397c6ac133608
                                                                                                                                                                                                                                                    • Instruction ID: c84a0f580bcbe8b088c856b9d2265a0c2d0b6d3615eee05fec9020740f9f7e8b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 208e6a978d65b3df04c2d2163cfe11b9ca3e791e60348233d6b397c6ac133608
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BDD1F562E08642A5EB28AB2D814427DA7A0FF05B48F944235EE0D077D5EF3DF85DE364
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
                                                                                                                                                                                                                                                    • Instruction ID: 0ad9e2dc77ae0d6a20faebe0fe315856027d88ee07d9798f6d9e0539e47cf9bf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6851C936A18651D1E7A89B29E04023CB3A4FB54F68FA44131EECD07794EB3AE847E750
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
                                                                                                                                                                                                                                                    • Instruction ID: e69105ade666907e06127f426a2d1d73951436397a2731800d44cbbcc0a3e389
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2951E576A18A5196E7249F29C04123CB3A1EB44F68FA54131EE4C077D4EF3AEC5BE750
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8494ecf62f03c1d3943c1d589e4c29644468de266d09ee5189585ab02985f6c2
                                                                                                                                                                                                                                                    • Instruction ID: db7ea558ff99444326a29990607acf551c2f9545d6ec899bc366ebe77b18ac5c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8494ecf62f03c1d3943c1d589e4c29644468de266d09ee5189585ab02985f6c2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8510736A18A5191E7A89B28E04033CB7A1EB44F58FA44131EF8C17795EF3AEC57E750
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: cbef8b130d79a7ad9bd62ede7a83548c92a3f011a0e32d449ba268992e3839f7
                                                                                                                                                                                                                                                    • Instruction ID: 3ec97433b4d3f412b8c732b1299a9bf665d110ca4f4209527a34da18856ab9d1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbef8b130d79a7ad9bd62ede7a83548c92a3f011a0e32d449ba268992e3839f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E51E232B1875195E7249B29C04133CA3A1EB48B58FA64131EE4C1B794EF3AEC57E790
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d4595b9fb9fef9db7488d00d8b5cf28c2737f3b7c2e6c847ec82cdef55389f28
                                                                                                                                                                                                                                                    • Instruction ID: 5ce55cb8c54f32dfb068ca321f54ef500d04e8e0c055bc6d4a22685370def61e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4595b9fb9fef9db7488d00d8b5cf28c2737f3b7c2e6c847ec82cdef55389f28
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1051D233A1865196E7259B29C04537CB7A0EB48F58FA64131EE8C07798EF3AEC47E750
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                                    • Instruction ID: 919fd30b44d5ca2f872f738fd682fe73618d13d7a431ec24eb390e4a072302a2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4410652C0D74E95ED61992C45006BCA6809F327F0DD862B4FDAD173C7FC0E658EA230
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                    • Opcode ID: 2970ddd5f501fe71afef01217e103934546d8fb7f20af68bec1b913dc8647c23
                                                                                                                                                                                                                                                    • Instruction ID: 2855119bd73cf21466130dbb1865df0e0a2c53154bf0819809e4f6e582853e95
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2970ddd5f501fe71afef01217e103934546d8fb7f20af68bec1b913dc8647c23
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB411972B18A5591FF18DF2AD91416DB3A1B748FD0B849032EE4D87B58EF3CD44AA310
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d2b002bbc49f8edc76fb8066870c38d7afee558bd2249c300808c44e7bc92a50
                                                                                                                                                                                                                                                    • Instruction ID: cdab14640226bbe8b74a2899069911c091bf9c44e370eac4686493f5089ac970
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2b002bbc49f8edc76fb8066870c38d7afee558bd2249c300808c44e7bc92a50
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5631C532709B8242E764EF25A44027DA6D5AF84B90F544238FE4D53BD6EF3CD416A314
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: dada551c461b21fdad657b6bac4cbdfad31b05eb9b59333086b2e0a15b162055
                                                                                                                                                                                                                                                    • Instruction ID: 30c39e2bf88a01dfd84447b184a0655bcb3bdf7efffb2a829d63d0180c23c602
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dada551c461b21fdad657b6bac4cbdfad31b05eb9b59333086b2e0a15b162055
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4F0C2B1B186959ADBA49F29A80262DB7E0F7483C4F84C079E6CC83F04C63C80A29F14
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 5749315d7b24dceccc8714b5042f108a7de79c1631c17c6a95dc8ed6b888950b
                                                                                                                                                                                                                                                    • Instruction ID: ec91eae25123ba1878066a77e25126f63bbf2dd652175f4a75643d35f3897039
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5749315d7b24dceccc8714b5042f108a7de79c1631c17c6a95dc8ed6b888950b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAA0022191CC06F0E644AB10F950478A770FB52300BD00431F14D410A09F3CA959E321
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                                                                                                    • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                    • API String ID: 190572456-4266016200
                                                                                                                                                                                                                                                    • Opcode ID: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                                                                                                                                    • Instruction ID: fdcc909839e88992326c98733b903e60304ad1f096611973793fbc9e406fec88
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15129064A1EB03B0FE59FB18A95057CA3A1AF45740BD46835C85E063A5EFBCB94CF360
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message_fread_nolock
                                                                                                                                                                                                                                                    • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 3065259568-2316137593
                                                                                                                                                                                                                                                    • Opcode ID: eb36bb45857c16b44edd36685c31993014ae0f224cc39bafccf1feedf175797d
                                                                                                                                                                                                                                                    • Instruction ID: f9a65f57eaed4b54745324c0fc072373aeb775a9a7c69c34dcceb9dade9c39cb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb36bb45857c16b44edd36685c31993014ae0f224cc39bafccf1feedf175797d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA51A021B1868366EA20B721A9516FEA394EF447C4FC05431FE5D47B86EE7CE549A320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                    • String ID: P%
                                                                                                                                                                                                                                                    • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                                    • Opcode ID: 7645c0c2d2fce03d3aab2d1fd33ee4a3925b53edade4cf92fedf68089910dc30
                                                                                                                                                                                                                                                    • Instruction ID: 01fd99268d69d8cca0301ccfed9eeb6f907f78d09c2facd91e4252744e2f0327
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7645c0c2d2fce03d3aab2d1fd33ee4a3925b53edade4cf92fedf68089910dc30
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B551D7266147A186D6349F26E4181BEF7A1FB98B61F404125EFDE43794DF3CD049DB20
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                    • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                    • Opcode ID: c6ac63e3974c66327622d921c1304357062fd3cb2bcbfe9c56688102bfb98152
                                                                                                                                                                                                                                                    • Instruction ID: 457c7547d250530f8e5ef8e9bc712281c8a16e19d6ac947fb296229c8a113cc1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6ac63e3974c66327622d921c1304357062fd3cb2bcbfe9c56688102bfb98152
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19129072E0C24BA6FB20BA14D1546BDF6A1EB80754FC48035F699476C4FF3CE588AB25
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                    • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                    • Opcode ID: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
                                                                                                                                                                                                                                                    • Instruction ID: 3737fe274db12c10d8a32bb3b8b9961a7d3c587eaed0bf7b11e871da267d9b3c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE12A632E0C243A6FB60BA15E0466BDF291FB40754FC64135F69A476C4EF3CE588AB24
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                                    • Opcode ID: fc4d00e68c10bc6cfa12e2fd898941efbd925022891e855d312ef2fb0d8dc3ae
                                                                                                                                                                                                                                                    • Instruction ID: 12589e614495e177d2d95567762210e9406d5257f0426b963dfb9af83291aca8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc4d00e68c10bc6cfa12e2fd898941efbd925022891e855d312ef2fb0d8dc3ae
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4231BF21B18643A6EE24BB51E5401BEE3A0FF047C4FD84432EE8D07A56EE3CF549A720
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
Similarity
• API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
• String ID: csm$csm$csm
• API String ID: 849930591-393685449
• Opcode ID: 2b2a4badfdaa60d9abfb93841dcb65d735c0fc58e4118d1b5c2a51383b6331b7
• Instruction ID: a79463e4da345e9489cfdbbaef4ae5213c7affadc8d8f6519238d70c50b1c895
• Opcode Fuzzy Hash: 2b2a4badfdaa60d9abfb93841dcb65d735c0fc58e4118d1b5c2a51383b6331b7
• Instruction Fuzzy Hash: 6FE1C532A08741AAEB20EF25D9403BDBBA0FB45788F900135EE4D57B95DF38E488D712
APIs
• FreeLibrary.KERNEL32(?,?,?,00007FF73EC9F56A,?,?,0000016995626938,00007FF73EC9B317,?,?,?,00007FF73EC9B20E,?,?,?,00007FF73EC96452), ref: 00007FF73EC9F34C
• GetProcAddress.KERNEL32(?,?,?,00007FF73EC9F56A,?,?,0000016995626938,00007FF73EC9B317,?,?,?,00007FF73EC9B20E,?,?,?,00007FF73EC96452), ref: 00007FF73EC9F358
Strings
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: api-ms-$ext-ms-
• API String ID: 3013587201-537541572
• Opcode ID: d2429d82f74935346a71535361e23a0a0fd68cfa18870ede5d154c99e1daa8a5
• Instruction ID: e981ad036d82b0dc33a9295760403b76da4ce3aadeeab296932f7d81843f0a9c
• Opcode Fuzzy Hash: d2429d82f74935346a71535361e23a0a0fd68cfa18870ede5d154c99e1daa8a5
• Instruction Fuzzy Hash: 0B414861B19A4261FA16EB16AC0067DA391BF44BE0FD84535ED2D67784EF3CE44DE320
APIs
• WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF73EC8101D), ref: 00007FF73EC88747
• WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF73EC8101D), ref: 00007FF73EC8879E
Strings
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
Similarity
• API ID: ByteCharMultiWide
• String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
• API String ID: 626452242-27947307
• Opcode ID: 3d8cc197ee630c3fb00dd31b72f24074ca9fe52add05c6a83a64952da4f63ba4
• Instruction ID: 6668a827a24a9c8ee1e404901aa6cfb19e2764542c18d43b2d4eb2d437f50ea2
• Opcode Fuzzy Hash: 3d8cc197ee630c3fb00dd31b72f24074ca9fe52add05c6a83a64952da4f63ba4
• Instruction Fuzzy Hash: 9E419032A08B8292E620EF55B8401BEF6A1FB84B94FD44535EA8D47F95DF3CD449E720
APIs
• WideCharToMultiByte.KERNEL32(?,00007FF73EC839EA), ref: 00007FF73EC88C31
  • Part of subcall function 00007FF73EC829E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF73EC887F2,?,?,?,?,?,?,?,?,?,?,?,00007FF73EC8101D), ref: 00007FF73EC82A14
  • Part of subcall function 00007FF73EC829E0: MessageBoxW.USER32 ref: 00007FF73EC82AF0
• WideCharToMultiByte.KERNEL32(?,00007FF73EC839EA), ref: 00007FF73EC88CA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLastMessage
• String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
• API String ID: 3723044601-27947307
• Opcode ID: 93215b2962e715be9f5aa91d99be70836a612e16585fb8aee950a2577366c4a3
• Instruction ID: 7b50e4512b7b7519ee44b53be6c3699747e7a95e88d0f682825bf0bb88390d3b
• Opcode Fuzzy Hash: 93215b2962e715be9f5aa91d99be70836a612e16585fb8aee950a2577366c4a3
• Instruction Fuzzy Hash: 60218232A09B42E5EB10EF16E9500BDF6A1FB84B84BD44535D64D43B98EF3CE549D320
APIs
Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$_fread_nolock
                                                                                                                                                                                                                                                    • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                                                                                                                                    • API String ID: 3231891352-3501660386
                                                                                                                                                                                                                                                    • Opcode ID: 716029066da9aa7fdbb7f0bfe734846ac928b4b9348b4955f396da70c2eca7e6
                                                                                                                                                                                                                                                    • Instruction ID: 1b8ed4f6a5882f096b2e2f49ca5765b979218047c6c6813ad84981e1a966fa30
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 716029066da9aa7fdbb7f0bfe734846ac928b4b9348b4955f396da70c2eca7e6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7517C21A0D65365FA25BB25AA512BDE291AF85B80FC40130FD5DC77D6FE2CE90CE360
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF73EC8E06A,?,?,?,00007FF73EC8DD5C,?,?,00000001,00007FF73EC8D979), ref: 00007FF73EC8DE3D
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF73EC8E06A,?,?,?,00007FF73EC8DD5C,?,?,00000001,00007FF73EC8D979), ref: 00007FF73EC8DE4B
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF73EC8E06A,?,?,?,00007FF73EC8DD5C,?,?,00000001,00007FF73EC8D979), ref: 00007FF73EC8DE75
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF73EC8E06A,?,?,?,00007FF73EC8DD5C,?,?,00000001,00007FF73EC8D979), ref: 00007FF73EC8DEBB
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF73EC8E06A,?,?,?,00007FF73EC8DD5C,?,?,00000001,00007FF73EC8D979), ref: 00007FF73EC8DEC7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                    • Opcode ID: fa40dd5a34ae4d0b6736a9b6b46f8404287a490a05e4db78c585315ae40f634e
                                                                                                                                                                                                                                                    • Instruction ID: 17b179d22e905ef566df3095baa8a12c43d9507b9a244f7acc6191e74d22ca81
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa40dd5a34ae4d0b6736a9b6b46f8404287a490a05e4db78c585315ae40f634e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4931CA22B1A742E1FE61FB02A91057DA7D8BF58B60F990635DE1D47350DF3CE4489320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC88AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF73EC82ABB), ref: 00007FF73EC88B1A
                                                                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF73EC879A1,00000000,?,00000000,00000000,?,00007FF73EC8154F), ref: 00007FF73EC8747F
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC82B30: MessageBoxW.USER32 ref: 00007FF73EC82C05
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF73EC874DA
                                                                                                                                                                                                                                                    • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF73EC87456
                                                                                                                                                                                                                                                    • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF73EC87493
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                    • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                                                    • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                                                    • Opcode ID: 5e8575f0beacdb372a81e9debe9bb6d766e8e255e7029f60019f70bf69282784
                                                                                                                                                                                                                                                    • Instruction ID: be4fd403066ea98afeea9c9bb842d0131bba9817f39c0db7b5deede83a6d3727
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e8575f0beacdb372a81e9debe9bb6d766e8e255e7029f60019f70bf69282784
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A317751B1D783A0FA24B721E6553BED691AF987C0FC40435DA4E82796FE2CE50C9720
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF73EC82ABB), ref: 00007FF73EC88B1A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC829E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF73EC887F2,?,?,?,?,?,?,?,?,?,?,?,00007FF73EC8101D), ref: 00007FF73EC82A14
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC829E0: MessageBoxW.USER32 ref: 00007FF73EC82AF0
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF73EC82ABB), ref: 00007FF73EC88BA0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                                    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                                    • API String ID: 3723044601-876015163
                                                                                                                                                                                                                                                    • Opcode ID: 2a7f0904e5ec1897560545d2159a663e9c273eaf1fea03a0d1ae7df506dc6c73
                                                                                                                                                                                                                                                    • Instruction ID: a11544321fa7c58fe2fffe4368d41f009adc033e48b934bdbcf0de1b6ef51ded
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a7f0904e5ec1897560545d2159a663e9c273eaf1fea03a0d1ae7df506dc6c73
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25218022B18A42A1EB50EB29F9500BEE7A1FF847C8FD84531DB4C93B69EF2CD5459710
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                    • Opcode ID: 5e25a57dc3899cb5d9e1114fbc8c557aa55031a2469902f6cab5e8a78f8e35b9
                                                                                                                                                                                                                                                    • Instruction ID: 75bdc67bdea3e25152a0a38df0459b1684115b6632451c38cedfc1b016c82937
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e25a57dc3899cb5d9e1114fbc8c557aa55031a2469902f6cab5e8a78f8e35b9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED218B24A0C28776FA687B31565517DE282AF44BB0F900734F83E56BC6EE2CE4096635
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                    • String ID: CONOUT$
                                                                                                                                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                    • Opcode ID: 47774de373198f8681994077b4026dd9a590ed4534763da2009e0dd4878e84a9
                                                                                                                                                                                                                                                    • Instruction ID: 24e4307a2b3b89c3691107955025d34703e293bb2a200e710f3375a02164db66
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47774de373198f8681994077b4026dd9a590ed4534763da2009e0dd4878e84a9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16119622B18A429AF7509B42F85436DB7A0FB48FE4F440635EA5E477A4CF3CD4488754
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF73EC954CD,?,?,?,?,00007FF73EC9F1BF,?,?,00000000,00007FF73EC9B9A6,?,?,?), ref: 00007FF73EC9B897
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF73EC954CD,?,?,?,?,00007FF73EC9F1BF,?,?,00000000,00007FF73EC9B9A6,?,?,?), ref: 00007FF73EC9B8CD
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF73EC954CD,?,?,?,?,00007FF73EC9F1BF,?,?,00000000,00007FF73EC9B9A6,?,?,?), ref: 00007FF73EC9B8FA
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF73EC954CD,?,?,?,?,00007FF73EC9F1BF,?,?,00000000,00007FF73EC9B9A6,?,?,?), ref: 00007FF73EC9B90B
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF73EC954CD,?,?,?,?,00007FF73EC9F1BF,?,?,00000000,00007FF73EC9B9A6,?,?,?), ref: 00007FF73EC9B91C
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF73EC954CD,?,?,?,?,00007FF73EC9F1BF,?,?,00000000,00007FF73EC9B9A6,?,?,?), ref: 00007FF73EC9B937
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                    • Opcode ID: 941158fb4e6d3a9375e13d6d10033e8ffcdbbced4d4dd5e625aa307a16b34608
                                                                                                                                                                                                                                                    • Instruction ID: d303c0816bb450fe8020bc02746eb34bd35e10183d4312f98819c4aec250b72f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 941158fb4e6d3a9375e13d6d10033e8ffcdbbced4d4dd5e625aa307a16b34608
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C118E20A0C787B6FA187B31564517DE252AF487B0FD40734F87E566C6EE2CB8096625
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm$f
                                                                                                                                                                                                                                                    • API String ID: 2395640692-629598281
                                                                                                                                                                                                                                                    • Opcode ID: c8f7f253a213423ff5db8842e39d1181b4fa0cc0edf0f0e27fe70a45a9ca17df
                                                                                                                                                                                                                                                    • Instruction ID: 01ab5ddfcc4b2331de115c3b4a3fcdbd086ff1ec368de1487dade0cd17dea73f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8f7f253a213423ff5db8842e39d1181b4fa0cc0edf0f0e27fe70a45a9ca17df
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3851D333A19202EADB14EB11E514A3DBB99FB80B94F918034DE5E47748DF38E848D710
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
• Associated: 00000000.00000002.3298861927.00007FF73EC80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298916691.00007FF73ECAB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECBE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3298953313.00007FF73ECC0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECC7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3299003268.00007FF73ECD6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                                    • String ID: Unhandled exception in script
                                                                                                                                                                                                                                                    • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF73EC887F2,?,?,?,?,?,?,?,?,?,?,?,00007FF73EC8101D), ref: 00007FF73EC82A14
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC88560: GetLastError.KERNEL32(00000000,00007FF73EC82A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF73EC8101D), ref: 00007FF73EC88587
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC88560: FormatMessageW.KERNEL32 ref: 00007FF73EC885B6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC88AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF73EC82ABB), ref: 00007FF73EC88B1A
                                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF73EC82AF0
                                                                                                                                                                                                                                                    • MessageBoxA.USER32 ref: 00007FF73EC82B0C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                                                    • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                                    • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF73EC9AB67,?,?,00000000,00007FF73EC9AE02,?,?,?,?,?,00007FF73EC930CC), ref: 00007FF73EC9B96F
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF73EC9AB67,?,?,00000000,00007FF73EC9AE02,?,?,?,?,?,00007FF73EC930CC), ref: 00007FF73EC9B98E
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF73EC9AB67,?,?,00000000,00007FF73EC9AE02,?,?,?,?,?,00007FF73EC930CC), ref: 00007FF73EC9B9B6
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF73EC9AB67,?,?,00000000,00007FF73EC9AE02,?,?,?,?,?,00007FF73EC930CC), ref: 00007FF73EC9B9C7
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF73EC9AB67,?,?,00000000,00007FF73EC9AE02,?,?,?,?,?,00007FF73EC930CC), ref: 00007FF73EC9B9D8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: verbose
                                                                                                                                                                                                                                                    • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                                    • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                    • Opcode ID: 80d5d2ed719ea387a00afc8e5c38e85421d4b0de11d669121429011e6c75d481
                                                                                                                                                                                                                                                    • Instruction ID: b25d54b0d639b32a827b0b17f0b55e40e0bba95fe00cd1d82d4797a552b57f5a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 80d5d2ed719ea387a00afc8e5c38e85421d4b0de11d669121429011e6c75d481
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8651F1329082C6A6EB70AF11964437DB7A0FB94B84F844136DA9D97BC5CF3CE458EB10
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                    • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                                    • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                                                    • Opcode ID: e8e3c511841a02337865787422672dc7088828a74b651abb3bad42d47e8d3758
                                                                                                                                                                                                                                                    • Instruction ID: 30db18396f95338717a5ba87b488c8d961f223243365e54dc2ec350001dd428b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8e3c511841a02337865787422672dc7088828a74b651abb3bad42d47e8d3758
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2312472628682A1E620F710E5516DEA3A4FF847C4FC04536E68D47A99DF3CD709DB60
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF73EC839EA), ref: 00007FF73EC83EF1
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC829E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF73EC887F2,?,?,?,?,?,?,?,?,?,?,?,00007FF73EC8101D), ref: 00007FF73EC82A14
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC829E0: MessageBoxW.USER32 ref: 00007FF73EC82AF0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                                                    • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                                                    • Opcode ID: 227eff0bc0a0d80c8f8e7ebb06cca3199172163df290dc8daf9e61b6ec9130a6
                                                                                                                                                                                                                                                    • Instruction ID: d0dd265ee189b743c8e700cc12b6c912f6da64451096fd0bf340d9f8ea1789de
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 227eff0bc0a0d80c8f8e7ebb06cca3199172163df290dc8daf9e61b6ec9130a6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E018461B2D64360FA60B728E9553BD9291AF487C4FC01431E85E86292EE2CF50DE720
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2718003287-0
                                                                                                                                                                                                                                                    • Opcode ID: 9513e67bca3e1584d4e6c680d6c879e0cc2bad3dff94493eb0c92e1d92f8606a
                                                                                                                                                                                                                                                    • Instruction ID: d7dcd2ceac3e131a707b1de8adde7e4ec3dcd5462e004bbe93057a50da913f12
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9513e67bca3e1584d4e6c680d6c879e0cc2bad3dff94493eb0c92e1d92f8606a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBD13572B18A81A9E710DF78D4406ECB7B1FB45B98B844235EE5D57BC9EE38D80AD310
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1956198572-0
                                                                                                                                                                                                                                                    • Opcode ID: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
                                                                                                                                                                                                                                                    • Instruction ID: 347fb82d282f495a3a545351bdbe95bf3dee87c7d501df706bc1c65d11f55bc1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0110C21E1814292F758AB69F6582BD9295EF95B80FC48030EA4907B8DCD3CD8C96610
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: ?
                                                                                                                                                                                                                                                    • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF73EC995D6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC9AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF73ECA3392,?,?,?,00007FF73ECA33CF,?,?,00000000,00007FF73ECA3895,?,?,00000000,00007FF73ECA37C7), ref: 00007FF73EC9AF22
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF73EC9AF0C: GetLastError.KERNEL32(?,?,?,00007FF73ECA3392,?,?,?,00007FF73ECA33CF,?,?,00000000,00007FF73ECA3895,?,?,00000000,00007FF73ECA37C7), ref: 00007FF73EC9AF2C
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF73EC8BFE5), ref: 00007FF73EC995F4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop\0jNz7djbpp.exe
                                                                                                                                                                                                                                                    • API String ID: 3580290477-390583679
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                                    • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                    • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                    • String ID: Fatal error detected
                                                                                                                                                                                                                                                    • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                    • String ID: Error detected
                                                                                                                                                                                                                                                    • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.3298885467.00007FF73EC81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF73EC80000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff73ec80000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                    • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308593902.00007FF8B8B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8B00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8b00000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Module_$Constant$ObjectString$Err_$DeallocExceptionFrom$Capsule_ExitFormatLongLong_MallocMem_MetaclassStartupTypeType_Unsigned
                                                                                                                                                                                                                                                    • String ID: 00000000-0000-0000-0000-000000000000$00:00:00:00:00:00$00:00:00:FF:FF:FF$90DB8B89-0D35-4F79-8CE9-49EA0AC8B7CD$A42E7CDA-D03F-480C-9CC2-A4DE20ABB878$AF_APPLETALK$AF_BLUETOOTH$AF_DECnet$AF_HYPERV$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_LINK$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$BDADDR_ANY$BDADDR_LOCAL$BTPROTO_RFCOMM$CAPI$E0E16197-DD56-4A10-9195-5EE7A155A838$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$HVSOCKET_ADDRESS_FLAG_PASSTHRU$HVSOCKET_CONNECTED_SUSPEND$HVSOCKET_CONNECT_TIMEOUT$HVSOCKET_CONNECT_TIMEOUT_MAX$HV_GUID_BROADCAST$HV_GUID_CHILDREN$HV_GUID_LOOPBACK$HV_GUID_PARENT$HV_GUID_WILDCARD$HV_GUID_ZERO$HV_PROTOCOL_RAW$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_AH$IPPROTO_CBT$IPPROTO_DSTOPTS$IPPROTO_EGP$IPPROTO_ESP$IPPROTO_FRAGMENT$IPPROTO_GGP$IPPROTO_HOPOPTS$IPPROTO_ICLFXBM$IPPROTO_ICMP$IPPROTO_ICMPV6$IPPROTO_IDP$IPPROTO_IGMP$IPPROTO_IGP$IPPROTO_IP$IPPROTO_IPV4$IPPROTO_IPV6$IPPROTO_L2TP$IPPROTO_MAX$IPPROTO_ND$IPPROTO_NONE$IPPROTO_PGM$IPPROTO_PIM$IPPROTO_PUP$IPPROTO_RAW$IPPROTO_RDP$IPPROTO_ROUTING$IPPROTO_SCTP$IPPROTO_ST$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RECVTCLASS$IPV6_RTHDR$IPV6_TCLASS$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_ADD_SOURCE_MEMBERSHIP$IP_BLOCK_SOURCE$IP_DROP_MEMBERSHIP$IP_DROP_SOURCE_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_T
TL$IP_OPTIONS$IP_PKTINFO$IP_RECVDSTADDR$IP_RECVTOS$IP_TOS$IP_TTL$IP_UNBLOCK_SOURCE$MSG_BCAST$MSG_CTRUNC$MSG_DONTROUTE$MSG_ERRQUEUE$MSG_MCAST$MSG_OOB$MSG_PEEK$MSG_TRUNC$MSG_WAITALL$NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_LOOPBACK_FAST_PATH$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_DEBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_FASTOPEN$TCP_KEEPCNT$TCP_KEEPIDLE$TCP_KEEPINTVL$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket.CAPI$error$gaierror$has_ipv6$herror$socket.gaierror$socket.herror$timeout
                                                                                                                                                                                                                                                    • API String ID: 585143114-1188461360
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_new$R_set_debug$R_get_flagsX_get0_cipher
                                                                                                                                                                                                                                                    • String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT $ssl3_get_record
                                                                                                                                                                                                                                                    • API String ID: 1830453883-2781224710
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_new$R_set_debug$X_get0_md$D_get_sizeR_get_modeX_get0_cipherX_get_iv_length
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\record\rec_layer_s3.c$U$do_ssl3_write
                                                                                                                                                                                                                                                    • API String ID: 2155623385-3398879041
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3307994633.00007FF8B78A1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B78A0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Deadline_DeallocErr_Eval_O_ctrlThread$CheckInitL_do_handshakeL_get_rbioL_get_wbioObjectR_clear_errorR_peek_last_errorRestoreSaveSignalsStringWeakref_
                                                                                                                                                                                                                                                    • String ID: Underlying socket connection gone$_ssl.c:983: The handshake operation timed out$_ssl.c:987: Underlying socket has been closed.$_ssl.c:991: Underlying socket too large for select().
                                                                                                                                                                                                                                                    • API String ID: 3614085790-1145532335
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_freeO_mallocR_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\record\ssl3_buffer.c$ssl3_setup_write_buffer
                                                                                                                                                                                                                                                    • API String ID: 1940814937-2966149938
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308593902.00007FF8B8B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8B00000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Eval_Thread$AuditErr_FormatRestoreSaveSys_bind
                                                                                                                                                                                                                                                    • String ID: bind$socket.bind
                                                                                                                                                                                                                                                    • API String ID: 1695574521-187351271

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000002.00000002.3309145812.00007FF8B8CB1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B8CB0000, based on PE: true
• Associated: 00000002.00000002.3309123846.00007FF8B8CB0000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.3309185509.00007FF8B8CB6000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.3309205030.00007FF8B8CBA000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.3309222046.00007FF8B8CBB000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8cb0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ImportImport_Module
                                                                                                                                                                                                                                                    • String ID: ERROR_IO_PENDING$ERROR_NETNAME_DELETED$ERROR_OPERATION_ABORTED$ERROR_PIPE_BUSY$ERROR_SEM_TIMEOUT$INFINITE$INVALID_HANDLE_VALUE$NULL$SO_UPDATE_ACCEPT_CONTEXT$SO_UPDATE_CONNECT_CONTEXT$TF_REUSE_SOCKET$_socket
                                                                                                                                                                                                                                                    • API String ID: 412506365-2369917753

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000002.00000002.3308215869.00007FF8B7DE1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8B7DE0000, based on PE: true
• Associated: 00000002.00000002.3308198035.00007FF8B7DE0000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308274889.00007FF8B7DE8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308295511.00007FF8B7DED000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308355103.00007FF8B7DEF000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b7de0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ImportImport_Module$AttrObject_String$BuildDeallocDict_Set_Value
                                                                                                                                                                                                                                                    • String ID: (s)$CancelledError$InvalidStateError$WeakSet$_future_repr$_task_get_stack$_task_print_stack$_task_repr$asyncio$asyncio.base_futures$asyncio.base_tasks$asyncio.coroutines$asyncio.events$asyncio.exceptions$context$extract_stack$get_event_loop_policy$iscoroutine$traceback$weakref
                                                                                                                                                                                                                                                    • API String ID: 619080988-694597896
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number %d$ssl3_read_bytes
                                                                                                                                                                                                                                                    • API String ID: 193678381-3615793073

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000002.00000002.3308593902.00007FF8B8B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8B00000, based on PE: true
• Associated: 00000002.00000002.3308574801.00007FF8B8B00000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.3308615266.00007FF8B8B09000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.3308675038.00007FF8B8B11000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.3308694750.00007FF8B8B13000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8b00000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Dealloc$String$Err_Eval_List_SizeThreadUnicode_freeaddrinfo$AppendArg_AuditBuildEncodedKeywords_Object_ParseRestoreSaveSys_TupleValue_getaddrinfo
                                                                                                                                                                                                                                                    • String ID: Int or String expected$OOiii$OO|iiii:getaddrinfo$getaddrinfo() argument 1 must be string or None$idna$iiisO$socket.getaddrinfo
                                                                                                                                                                                                                                                    • API String ID: 3469260611-1074899869
                                                                                                                                                                                                                                                    • Opcode ID: 23be9308df294b3ceca43b4538df3c03a2cd0e723b85bf30aa3f47610af3ade2
                                                                                                                                                                                                                                                    • Instruction ID: c9e823018b1ee63df8ae9599a6ad7659cda12efbc62d97a2dab85b120c1c14a2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 23be9308df294b3ceca43b4538df3c03a2cd0e723b85bf30aa3f47610af3ade2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8CC12332A09A02C6EB14CF79E8546BCB7A4BB48BC4F408535DF4E66A64DF3DE546C708

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3307994633.00007FF8B78A1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B78A0000, based on PE: true
• Associated: 00000002.00000002.3307937546.00007FF8B78A0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3308015574.00007FF8B78AD000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3308042923.00007FF8B78C0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3308061879.00007FF8B78C1000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3308135419.00007FF8B78C7000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3308176623.00007FF8B78C9000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8b78a0000_0jNz7djbpp.jbxd
Similarity
• API ID: Err_$Buffer_DeallocExceptionMatchesUnicode_$BufferConverterEval_Object_ReleaseStringThread_errno$CheckContiguousErrnoFromR_clear_errorRestoreSaveX_load_verify_locations
• String ID: cadata should be a contiguous buffer with a single dimension$cadata should be an ASCII string or a bytes-like object$cafile should be a valid filesystem path$cafile, capath and cadata cannot be all omitted$capath should be a valid filesystem path
• API String ID: 3554890122-3904065072
• Opcode ID: 7c0e50c5d797ef638d39eef09b1b159086aa94cba534aa7ea738b7df414c95bc
• Instruction ID: c08372a9289046defc3de3fd6e4bade38a79065fc9fd16f888cc4bf103b843bb
• Opcode Fuzzy Hash: 7c0e50c5d797ef638d39eef09b1b159086aa94cba534aa7ea738b7df414c95bc
• Instruction Fuzzy Hash: A8814A61F09B0285EB569B6EE8542BD2BA2BF44BD4F444031CF0E976B8DE7CE445D328

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3308593902.00007FF8B8B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8B00000, based on PE: true
• Associated: 00000002.00000002.3308574801.00007FF8B8B00000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.3308615266.00007FF8B8B09000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.3308675038.00007FF8B8B11000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.3308694750.00007FF8B8B13000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8b8b00000_0jNz7djbpp.jbxd
Similarity
• API ID: Err_Eval_Thread$AuditLongRestoreSaveSocketSys_$ErrorFormatFromHandleInformationLastLong_ModuleOccurredStringType_Windowsclosesocketgetsocknamegetsockoptmemset
• String ID: Oiii$negative file descriptor$socket descriptor string has wrong size, should be %zu bytes.$socket.__new__
• API String ID: 3363282672-2881308447
• Opcode ID: 04267ebc9d147e07de267a693846aa419f582f40a8f4303f6ede1e2826baac7f
• Instruction ID: bbf8c0ccfe7605b4934c5f759a0ac6037187c23125232a46d7744650ad8bbeaf
• Opcode Fuzzy Hash: 04267ebc9d147e07de267a693846aa419f582f40a8f4303f6ede1e2826baac7f
• Instruction Fuzzy Hash: 43B15F62A08A8682E6248F3D98046B96360FB99BE4F045335DF5D63AB1DF3CE586C704

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
Similarity
• API ID: R_new$R_set_debug$ErrorLastM_freeR_clear_errorR_set_error
• String ID: ..\s\ssl\statem\statem.c$state_machine
• API String ID: 1370845099-1722249466
• Opcode ID: 6f8aa62c0a17cd257a7cac7c3db44b12b48ed95985bfa37342f9ed60703b21dc
• Instruction ID: b8ac0272301c21edf751f7037c03a1c67f9196e5b407c4d32d68a9cf09f5ea02
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f8aa62c0a17cd257a7cac7c3db44b12b48ed95985bfa37342f9ed60703b21dc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79A1A036A0E242A5F7A4BB65E4413B822A5EF85BC4F544431DA0D466AEDF3CECC1C379

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3307683054.00007FF8B7801000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8B7800000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b7800000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Dealloc$ItemObject_$Err_FormatFromImportObjectUnicode_$AttrClearDict_ErrorFilenameImport_LevelModuleModule_
                                                                                                                                                                                                                                                    • String ID: %U.%U$cannot import name %R from %R (%S)
                                                                                                                                                                                                                                                    • API String ID: 3630264407-438398067
                                                                                                                                                                                                                                                    • Opcode ID: fcd6dac6a765cb05053f4bfe7cd39cb166bae5586e68d4d28e2f2c7c25a5bf2f
                                                                                                                                                                                                                                                    • Instruction ID: 0d50f2adb4bc13a150e15e27de9e34adb07a2c34cb8ea7f989bdf822a33ea25a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fcd6dac6a765cb05053f4bfe7cd39cb166bae5586e68d4d28e2f2c7c25a5bf2f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A513C76B18B8685EA148F1AA80867E6BA1FB4AFD5F448031CF4E47B74DF3CE0458308

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$L_sk_valueR_clear_errorX509_get0_pubkey
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$tls_post_process_server_certificate
                                                                                                                                                                                                                                                    • API String ID: 2779586248-3767186838
                                                                                                                                                                                                                                                    • Opcode ID: db8201a799e0baeb7e7da45e6d94f051912b60767bec020adcc90b3d0adbc0ec
                                                                                                                                                                                                                                                    • Instruction ID: f4e5fc205cd95cebd0a6c898c55fe64bb37cc0132ff7cfc89c078731d0a74e42
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db8201a799e0baeb7e7da45e6d94f051912b60767bec020adcc90b3d0adbc0ec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD518C72B1A682A2F750DB25D4453B823A1EB84BC4F644031ED4D4B79EDF3DE881C728

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308593902.00007FF8B8B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8B00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8b00000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_Err_ParseSizeTuple_$Buffer_ClearReleasesetsockopt$Format
                                                                                                                                                                                                                                                    • String ID: iiO!I:setsockopt$iii:setsockopt$iiy*:setsockopt$socket option is larger than %i bytes
                                                                                                                                                                                                                                                    • API String ID: 418579395-1608436615
                                                                                                                                                                                                                                                    • Opcode ID: 00bb59efab9f7172e8937e6f66c8eab6ad29b02b98a3246fc78355982980a26d
                                                                                                                                                                                                                                                    • Instruction ID: a681239212a2ee41a856a8838896f1e1c35c43f49bdae9ac1f60e40e65858335
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00bb59efab9f7172e8937e6f66c8eab6ad29b02b98a3246fc78355982980a26d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15410B3160CB8696EB208B39E4406A97360FB89BD4F500235DB9D53774DF3CD54ACB48

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308593902.00007FF8B8B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8B00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8b00000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: From$AuditCharComputerErr_ErrorLastNameSys_Unicode_WideWindows
                                                                                                                                                                                                                                                    • String ID: socket.gethostname
                                                                                                                                                                                                                                                    • API String ID: 1075394898-2650736202
                                                                                                                                                                                                                                                    • Opcode ID: 3405576d76487752179143ca9e9ce24f0a64481455d61518cebafc033de9272a
                                                                                                                                                                                                                                                    • Instruction ID: 2f4903d94902c58f2720ff244ed1ceb69d15f59156b5e2b862bd1c9b92347a40
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3405576d76487752179143ca9e9ce24f0a64481455d61518cebafc033de9272a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41314F21A1CA4382E7659B79A81427E63A5FF8CBC4F444035DB4E626B4DF3CE10A8A08

                                                                                                                                                                                                                                                    Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
Similarity
• API ID: R_newR_set_debug$ErrorLastO_ctrlO_readO_test_flagsmemmove
• String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
• API String ID: 3874383451-4226281315
• Opcode ID: b49a1a3092a1666878fcf2a6f1a6b22ad798a3b357faedcaa6a675de5e77afac
• Instruction ID: 8452216df95d70d56227f4cf46b6ec0ee2e6a89d5c31f2d904562bded8346661
• Opcode Fuzzy Hash: b49a1a3092a1666878fcf2a6f1a6b22ad798a3b357faedcaa6a675de5e77afac
• Instruction Fuzzy Hash: 3991CF32A0A682A2FB52DF25D4047BD2294FF44BD8F544632DE4D47A89EFB9D845C328

Control-flow Graph

• Executed
• Not Executed
Strings
Memory Dump Source
• Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
Similarity
• API ID:
• String ID: ..\s\ssl\statem\statem.c$read_state_machine
• API String ID: 0-3323778802
• Opcode ID: 14377edc59a60446f09f780bfe0d0aa6ceb5de1d18d0f26ea132c90706a724b0
• Instruction ID: 3e58ee868c38a02b00cca396a9ec9eca640e55bbb0cbea456a191ca7145f0271
• Opcode Fuzzy Hash: 14377edc59a60446f09f780bfe0d0aa6ceb5de1d18d0f26ea132c90706a724b0
• Instruction Fuzzy Hash: 6691A176B0A646A5FB10EF24E4443B92764FF84BC8F944136DA4D47699DF3CE885C328

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3308215869.00007FF8B7DE1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8B7DE0000, based on PE: true
• Associated: 00000002.00000002.3308198035.00007FF8B7DE0000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308274889.00007FF8B7DE8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308295511.00007FF8B7DED000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308355103.00007FF8B7DEF000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8b7de0000_0jNz7djbpp.jbxd
Similarity
• API ID: Module_$FromMetaclassType_$Object$ImportImport_ModuleType$AttrBuildDict_Object_Set_StringValue
• String ID: _current_tasks$_eager_tasks$_scheduled_tasks
• API String ID: 1363086864-3186707196
• Opcode ID: 12fd5d885d44a8ed9b8fe709351bc2f83f353a80f1f930472b50c377f5a435ad
• Instruction ID: 321d7efb7ff85b98feb65a80b3cfe1868a9ce1c6b2b6c0cf0de95305b4de8a7d
• Opcode Fuzzy Hash: 12fd5d885d44a8ed9b8fe709351bc2f83f353a80f1f930472b50c377f5a435ad
• Instruction Fuzzy Hash: 68311C61B08B1382EF069B2DA5541BD2362AF05BD9B485236CF2F667B8DE3DE045C350

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3307683054.00007FF8B7801000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8B7800000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3307626697.00007FF8B7800000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3307705255.00007FF8B7815000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3307746773.00007FF8B781B000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3307779004.00007FF8B781F000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b7800000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Dealloc$Unicode_$FromInternPlaceSizeString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2745024575-0
                                                                                                                                                                                                                                                    • Opcode ID: 091893d1f0e79c71c802a693a5176002506af28f025ec817263c4d69333cf0a2
                                                                                                                                                                                                                                                    • Instruction ID: 3daab18009392419b418428a7af521fd17e246dceac7691719cefb292f2fe9fd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 091893d1f0e79c71c802a693a5176002506af28f025ec817263c4d69333cf0a2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D271D336F2AB0289FA558B2DA94413E7BE5FF58BD1F184434C70D82A70DE3EA4818748
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                                                                    • API String ID: 193678381-552286378
                                                                                                                                                                                                                                                    • Opcode ID: 1edee16b17f7b7a209ddbeed6cd636bdd8764bdbe6572802cc707b3b873bb90e
                                                                                                                                                                                                                                                    • Instruction ID: 503b4a79a05bdb56ea6d5d8d73e38c61368283704d0c96f33b6736a755afda7d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1edee16b17f7b7a209ddbeed6cd636bdd8764bdbe6572802cc707b3b873bb90e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4A1C036A0A546A6FB21EF25E4583B923B5FB807C8F540036DA4D436D9DF3CE985C724
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3307994633.00007FF8B78A1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B78A0000, based on PE: true
• Associated: 00000002.00000002.3307937546.00007FF8B78A0000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3308015574.00007FF8B78AD000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3308042923.00007FF8B78C0000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3308061879.00007FF8B78C1000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3308135419.00007FF8B78C7000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000002.00000002.3308176623.00007FF8B78C9000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b78a0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_KeywordsObject_SizeTrueUnicode_Unpack
                                                                                                                                                                                                                                                    • String ID: argument 'txt'$embedded null character$str$txt2obj
                                                                                                                                                                                                                                                    • API String ID: 3371007025-2001486153
                                                                                                                                                                                                                                                    • Opcode ID: ba8e0275eb7ae53edb31ef97c2f8e1e5acff8c5ed8bf0fbbc7c7392eccbb918b
                                                                                                                                                                                                                                                    • Instruction ID: 022519d5580198dc9daba6ac5ca5022c6388733226ee2d1048f3278ba62734ff
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba8e0275eb7ae53edb31ef97c2f8e1e5acff8c5ed8bf0fbbc7c7392eccbb918b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F31AE22B0CB4695EA618B19E8042BD2B60FB85BD0F484131CF5E87BB4DF3CE445C308
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308215869.00007FF8B7DE1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8B7DE0000, based on PE: true
• Associated: 00000002.00000002.3308198035.00007FF8B7DE0000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308274889.00007FF8B7DE8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308295511.00007FF8B7DED000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308355103.00007FF8B7DEF000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b7de0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttrObject_String$DeallocImportImport_Module
                                                                                                                                                                                                                                                    • String ID: _task_get_stack$_task_print_stack$_task_repr$asyncio.base_tasks
                                                                                                                                                                                                                                                    • API String ID: 299536401-892118
                                                                                                                                                                                                                                                    • Opcode ID: 53115703cdc97a1b282f4c9d93a9daa018099d852e6ec4844eef5b923becfe5a
                                                                                                                                                                                                                                                    • Instruction ID: eaffe4ed80233ed95a74b0f787147dfb9de281b3164f9bd80da58d329aea56af
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53115703cdc97a1b282f4c9d93a9daa018099d852e6ec4844eef5b923becfe5a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA017225B49F0395FE179B1DA85427C22A4AF09BD1F4C2235CB6E623B8EF7CF5558220
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308593902.00007FF8B8B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8B00000, based on PE: true
• Associated: 00000002.00000002.3308574801.00007FF8B8B00000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.3308615266.00007FF8B8B09000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.3308675038.00007FF8B8B11000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.3308694750.00007FF8B8B13000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8b00000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$Eval_Thread$CheckErr_RestoreSaveSignalsconnect
                                                                                                                                                                                                                                                    • String ID: 3'
                                                                                                                                                                                                                                                    • API String ID: 4284410693-280543908
                                                                                                                                                                                                                                                    • Opcode ID: bf1f35104443e8bdc2e2b3dc93d8a66b39ca7049add94a43049c608f9c8392d5
                                                                                                                                                                                                                                                    • Instruction ID: 1ae0d2da0de526ee6e17705f0dcb884553f32d9de6a00f9c71ed1afdf05c1f2d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf1f35104443e8bdc2e2b3dc93d8a66b39ca7049add94a43049c608f9c8392d5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D316031B0874386EB688F3AA84457E6690BF487D9F040135EF5EA6BB5DF3CE4468608
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308215869.00007FF8B7DE1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8B7DE0000, based on PE: true
• Associated: 00000002.00000002.3308198035.00007FF8B7DE0000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308274889.00007FF8B7DE8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308295511.00007FF8B7DED000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000002.00000002.3308355103.00007FF8B7DEF000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b7de0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttrObject_String$DeallocImportImport_Module
                                                                                                                                                                                                                                                    • String ID: CancelledError$InvalidStateError$asyncio.exceptions
                                                                                                                                                                                                                                                    • API String ID: 299536401-2834584619
                                                                                                                                                                                                                                                    • Opcode ID: 8653cd9b8435265424d397c63cc7322f5db4f2de80bfe725d30894f5968c0b65
                                                                                                                                                                                                                                                    • Instruction ID: 16b181d09207c27b147b3490a2f7fba36c4eb4309652a6a385c04cb33c1cc1a6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8653cd9b8435265424d397c63cc7322f5db4f2de80bfe725d30894f5968c0b65
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26F07424A49B0395FE178B1DA85417C22A0AF497C5F4C2635CB2E622BCEF3DF555D211
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309145812.00007FF8B8CB1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FF8B8CB0000, based on PE: true
• Associated: 00000002.00000002.3309123846.00007FF8B8CB0000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.3309185509.00007FF8B8CB6000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.3309205030.00007FF8B8CBA000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.3309222046.00007FF8B8CBB000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8cb0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ioctl$FromModuleModule_SpecTypeType_closesocketsocket
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3646089292-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_lib.c$tls_get_message_header
                                                                                                                                                                                                                                                    • API String ID: 193678381-2714770296
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308593902.00007FF8B8B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8B00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8b00000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Err_Long_Occurred$Arg_KeywordsUnpack
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 591546834-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                                                                                                                                                                                                    • API String ID: 2134390360-2964568172
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308593902.00007FF8B8B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8B00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8b00000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Eval_Thread$Restore$Err_ErrorFromLastSaveWindowsioctlsocket
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 863680558-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • OBJ_txt2obj.LIBCRYPTO-3 ref: 00007FF8B78A1DC0
                                                                                                                                                                                                                                                    • PyModule_GetState.PYTHON312 ref: 00007FF8B78A1DD5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B78A1E08: OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FF8B78A1DE6), ref: 00007FF8B78A1E2A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B78A1E08: OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FF8B78A1DE6), ref: 00007FF8B78A1E3C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B78A1E08: OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FF8B78A1DE6), ref: 00007FF8B78A1E47
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B78A1E08: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FF8B78A1DE6), ref: 00007FF8B78A1E75
                                                                                                                                                                                                                                                    • ASN1_OBJECT_free.LIBCRYPTO-3 ref: 00007FF8B78A1DEC
                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON312 ref: 00007FF8B78A3762
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3307994633.00007FF8B78A1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B78A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b78a0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: BuildErr_FormatJ_nid2lnJ_nid2snJ_obj2nidJ_txt2objModule_SizeStateT_freeValue_
                                                                                                                                                                                                                                                    • String ID: unknown object '%.100s'
                                                                                                                                                                                                                                                    • API String ID: 2376969911-3113687063
                                                                                                                                                                                                                                                    • Opcode ID: 82eac1858f2f7311b97fa416a6cda790fa35309ca6d5bca797571051d7cfa703
                                                                                                                                                                                                                                                    • Instruction ID: f007dd23a2947bdd4f599563f1b4b44a0c710cad3d2f2a0f2c4f3a80f42dcd4b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82eac1858f2f7311b97fa416a6cda790fa35309ca6d5bca797571051d7cfa703
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FF03165B1CB4682EE04CB6BA95407D5A62AF8CFD0B484430DF1E87B38DE7CE4458714
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308215869.00007FF8B7DE1000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FF8B7DE0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3308198035.00007FF8B7DE0000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3308274889.00007FF8B7DE8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3308295511.00007FF8B7DED000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3308355103.00007FF8B7DEF000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b7de0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttrObject_String$DeallocImportImport_Module
                                                                                                                                                                                                                                                    • String ID: _future_repr$asyncio.base_futures
                                                                                                                                                                                                                                                    • API String ID: 299536401-3081697843
                                                                                                                                                                                                                                                    • Opcode ID: 1f080ac08595b9df825541c240a6507a57e47eaef4de5bd3019a5f132da7cc69
                                                                                                                                                                                                                                                    • Instruction ID: 49ff4954311f277c7a876da44d5197ccfc64e3bcc159cd7c1caab20d1fc5ee3b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f080ac08595b9df825541c240a6507a57e47eaef4de5bd3019a5f132da7cc69
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67F0A520B0DB0395FE178B1D985417C23A0AF08BC5F5C2639CB2E622BCEF3DB5459221
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308979658.00007FF8B8C11000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FF8B8C10000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3308962770.00007FF8B8C10000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3309034589.00007FF8B8C12000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3309054685.00007FF8B8C14000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8c10000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Import$Capsule_DeallocImport_Module
                                                                                                                                                                                                                                                    • String ID: charset_normalizer.md__mypyc$charset_normalizer.md__mypyc.init_charset_normalizer___md
                                                                                                                                                                                                                                                    • API String ID: 1394619730-824592145
                                                                                                                                                                                                                                                    • Opcode ID: 5974c19f225ccfaa67e8cfdf14026b0452581abd6b019d6115b8283005d03241
                                                                                                                                                                                                                                                    • Instruction ID: 8825e7c9e556777cdfb5299b33f71b00a0d9c3f9d79e872d90bec8cf8946733a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5974c19f225ccfaa67e8cfdf14026b0452581abd6b019d6115b8283005d03241
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ABE0C0A5E09543C1EBD5EF19ACEC27622917F54F80F456435C30D41690EF2DA9878718
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B8B03D80: PyErr_Format.PYTHON312 ref: 00007FF8B8B04102
                                                                                                                                                                                                                                                    • PySys_Audit.PYTHON312 ref: 00007FF8B8B053B0
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B8B0442C: PyEval_SaveThread.PYTHON312 ref: 00007FF8B8B0444A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B8B0442C: connect.WS2_32 ref: 00007FF8B8B0445D
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B8B0442C: PyEval_RestoreThread.PYTHON312 ref: 00007FF8B8B04468
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B8B0442C: WSAGetLastError.WS2_32 ref: 00007FF8B8B04476
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B8B0442C: WSAGetLastError.WS2_32 ref: 00007FF8B8B04482
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B8B0442C: PyErr_CheckSignals.PYTHON312 ref: 00007FF8B8B0448F
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B8B0442C: WSASetLastError.WS2_32 ref: 00007FF8B8B044CC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3308593902.00007FF8B8B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B8B00000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3308574801.00007FF8B8B00000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3308615266.00007FF8B8B09000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3308675038.00007FF8B8B11000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3308694750.00007FF8B8B13000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8b00000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatRestoreSaveSignalsSys_connect
                                                                                                                                                                                                                                                    • String ID: connect$socket.connect
                                                                                                                                                                                                                                                    • API String ID: 2206401578-326844852
                                                                                                                                                                                                                                                    • Opcode ID: 6328d35a7a5ebb17eb66f0d37f02297ffde66ec9a7956e232188b9311fc926bd
                                                                                                                                                                                                                                                    • Instruction ID: 9eb496fbe6c5690d876d4bf862b10793974c148ad19737c7555956029580df19
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6328d35a7a5ebb17eb66f0d37f02297ffde66ec9a7956e232188b9311fc926bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24115B21B1CA8681E7209B3AF4507AA7360FF487C4F440132DB4E67A65DF7CE546CB08
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1231514297-0
                                                                                                                                                                                                                                                    • Opcode ID: ce68793f5ed94765da0cf06069d6cda8a1f14ed55aa43607596081dc107df58f
                                                                                                                                                                                                                                                    • Instruction ID: e60078dc29fa8c0913a5d540cb8229fac8527984c71b5bcaa9551d55a5003dee
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce68793f5ed94765da0cf06069d6cda8a1f14ed55aa43607596081dc107df58f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0031E37BA0A202AAF764AE51A48127D27B0FF50BC4F584431DE494369ADF3CECC1C764
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1231514297-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3307683054.00007FF8B7801000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF8B7800000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b7800000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Dealloc
                                                                                                                                                                                                                                                    • String ID: <module>
                                                                                                                                                                                                                                                    • API String ID: 3617616757-217463007
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • BUF_MEM_grow_clean.LIBCRYPTO-3(?,?,?,?,-00000031,?,00007FF8A820E9A4), ref: 00007FF8A820E3D7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: M_grow_clean
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 964628749-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3307994633.00007FF8B78A1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B78A0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b78a0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_KeywordsUnpack
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1409375599-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_ctrl
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3605655398-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_ctrl
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3605655398-0
                                                                                                                                                                                                                                                    • Opcode ID: bfe36b7522bdb383b583256963e0cb7d483da4068be122a2aa8aa4264da1dd87
                                                                                                                                                                                                                                                    • Instruction ID: 460e650923af1860c1b259a1105b376bebf2d3927336240133d1e5fd08af6a37
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bfe36b7522bdb383b583256963e0cb7d483da4068be122a2aa8aa4264da1dd87
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73E048F6F0610256F71057659446BB812A0EB99754F541030DE0C86686E76ED9D2C618
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$memcpy$D_get_sizeL_cleanseX_newX_reset$O_ctrl
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\tls13_enc.c$CLIENT_EARLY_TRAFFIC_SECRET$CLIENT_HANDSHAKE_TRAFFIC_SECRET$CLIENT_TRAFFIC_SECRET_0$EARLY_EXPORTER_SECRET$EXPORTER_SECRET$SERVER_HANDSHAKE_TRAFFIC_SECRET$SERVER_TRAFFIC_SECRET_0$c ap traffic$c e traffic$c hs traffic$e exp master$exp master$finished$res master$s ap traffic$s hs traffic$tls13_change_cipher_state
                                                                                                                                                                                                                                                    • API String ID: 3475700188-318917415
                                                                                                                                                                                                                                                    • Opcode ID: b29c2bc6028ee1f1bb12059b3d6d67ed1f873342f9f61c88aa7ef0c1339314fb
                                                                                                                                                                                                                                                    • Instruction ID: 51f42e1e164f2d922003b59066e4314c172227f8ef79c0391cd70cb7f9599a11
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b29c2bc6028ee1f1bb12059b3d6d67ed1f873342f9f61c88aa7ef0c1339314fb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95329B22A0AB42A6FB15DB61E8407F963A4FB847C4F400136EE4D43B99EF3CE555C768
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_new$R_set_debug$O_free$memcmp$X_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_as_hello_retry_request$tls_process_server_hello
                                                                                                                                                                                                                                                    • API String ID: 1017169752-619482627
                                                                                                                                                                                                                                                    • Opcode ID: 102599edab9d1245af7d949caaf4fea315e2b9aba34f003c4665bf76101dec50
                                                                                                                                                                                                                                                    • Instruction ID: d52e285c1920c75d1dfbcd52b7337930c4c6c07321eb137c77b38d2a7c9bf54b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 102599edab9d1245af7d949caaf4fea315e2b9aba34f003c4665bf76101dec50
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91529C72A0AA82A5F7109B61D8803B963A1FF84BC4F644132DE4D4779DDF3CE5A4C368
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_ciph.c$AEAD$AES(128)$AES(256)$AESCCM(128)$AESCCM(256)$AESCCM8(128)$AESCCM8(256)$AESGCM(128)$AESGCM(256)$ARIAGCM(128)$ARIAGCM(256)$CHACHA20/POLY1305(256)$Camellia(128)$Camellia(256)$DHEPSK$ECDH$ECDHEPSK$GOST$GOST18$GOST2012$GOST89$GOST89(256)$GOST94$KUZNYECHIK$MAGMA$MD5$None$PSK$RSA$RSAPSK$SEED(128)$SHA1$SHA256$SHA384$SRP$SSL_CIPHER_description$any$unknown
                                                                                                                                                                                                                                                    • API String ID: 2261483606-1235560867
                                                                                                                                                                                                                                                    • Opcode ID: 5b02cb9eeec5661b9ae98409e0076dd2500787e843868fd6a9092c6d3f127e1d
                                                                                                                                                                                                                                                    • Instruction ID: 02ad6f6647f387602b475a5dc7391476fc7df5be3942cd5bf68162bcf923ab00
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b02cb9eeec5661b9ae98409e0076dd2500787e843868fd6a9092c6d3f127e1d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EEB17EA1F0F646B5F3BA9B54A4546F86360FF903D0F954072DA4E125E88F3CE948E62C
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_free$L_sk_free$D_freeD_get0_providerL_sk_pop_free$E_free$D_lock_freeH_freeO_free_ex_dataO_secure_freeR_freeR_get0_providerX509_
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                                    • API String ID: 234229340-1080266419
                                                                                                                                                                                                                                                    • Opcode ID: d880deb2d9298275d53156e737d844acf5362dc37a70cb78887c417700b62fc2
                                                                                                                                                                                                                                                    • Instruction ID: a38ab3ca86bd14a88b921627fa55e2aa8d402f4cae09955ca0aa06bd3a140f57
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d880deb2d9298275d53156e737d844acf5362dc37a70cb78887c417700b62fc2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05913E61B0AA42A0EB51EF22D5912B92721EFC5FC4F041032DE1D4B69EEF2DE541C378
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$O_freememcpy$O_zalloc
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_hello
                                                                                                                                                                                                                                                    • API String ID: 2132817427-1456301196
                                                                                                                                                                                                                                                    • Opcode ID: fe31296bb74389f9af1a5b5efb65c5e411fb909f44afabc2a672daddc9d9e7d0
                                                                                                                                                                                                                                                    • Instruction ID: 81c395f628472bf89a1fc868959fb903a764be4d2eb9e90511819ddc5823b8b1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe31296bb74389f9af1a5b5efb65c5e411fb909f44afabc2a672daddc9d9e7d0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C202D662B0EA42E1F724DB25D4902BD3391EF857C0F508131DAAE07A9AEF3CE195C724
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_free$R_newR_set_debug$R_set_error$D_lock_freeL_cleanse$D_lock_newL_sk_pop_freeO_clear_freeO_free_ex_dataO_new_ex_dataO_zallocX509_free_time64memcpy
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_new$ssl_get_new_session
                                                                                                                                                                                                                                                    • API String ID: 2281621947-2527649602
                                                                                                                                                                                                                                                    • Opcode ID: 95ddfd2d6622c0488ef3d8d09f663b5d1dbe99b8f76b901feb038eb3a67387ac
                                                                                                                                                                                                                                                    • Instruction ID: 757fbd5382b3e9414a25fdb7b1ec68ee58f1782c7cc3a20152d2fb753573f986
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 95ddfd2d6622c0488ef3d8d09f663b5d1dbe99b8f76b901feb038eb3a67387ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20B18C65B0AA82A2EB45EF22D8557F82365FB84BC4F444035D91D4B29AEF3CE544C738
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$R_set_error$D_priv_bytes_ex$L_sk_new_nullX509_$D_bytes_exD_lock_newE_newE_new_exH_newL_sk_numM_newO_freeO_new_ex_dataO_secure_zallocO_strdupO_zalloc
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_new_ex
                                                                                                                                                                                                                                                    • API String ID: 864562269-27091654
                                                                                                                                                                                                                                                    • Opcode ID: 0ef21fb0b24aa75d52d15136eef25518695f37dfed3ffb2822b27bc7d2223680
                                                                                                                                                                                                                                                    • Instruction ID: 57f1351140598772db4793cf4cbdf0ecc1b86637ae2d4595b5bc8aaa5e5aa634
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ef21fb0b24aa75d52d15136eef25518695f37dfed3ffb2822b27bc7d2223680
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DC1BEA1A1A742A1F752EB61E8527F92294EF847C8F480435DE4D4A7CAEF3CE450C339
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error$O_mallocstrncmp
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_ciph.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$DEFAULT$ssl_create_cipher_list
                                                                                                                                                                                                                                                    • API String ID: 3221604530-3764566645
                                                                                                                                                                                                                                                    • Opcode ID: 21b4a7d566a0b9a1864755d979d103a93e83fc87563cd864fd66615567e16f39
                                                                                                                                                                                                                                                    • Instruction ID: 5d3a3c1f9b52dce5f428443c2a333162bd842a1d9db69c5432b65203c28b29a0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21b4a7d566a0b9a1864755d979d103a93e83fc87563cd864fd66615567e16f39
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73828BB2A0AB46A1DA9ACF49A4806B873E0FB54BC4F288436DF0D47344DF7DD951C768
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\record\rec_layer_d1.c$do_dtls1_write
                                                                                                                                                                                                                                                    • API String ID: 193678381-4025505965
                                                                                                                                                                                                                                                    • Opcode ID: a7c7b7fc5af5383dc9e08314b4fe858693127c5e4806d23078acf27cddb7bcef
                                                                                                                                                                                                                                                    • Instruction ID: 718f499fe0301e472fc358fd6034d98a25f3d2637327584781d96d268d784d3b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7c7b7fc5af5383dc9e08314b4fe858693127c5e4806d23078acf27cddb7bcef
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63F19932B0AA82A6E725DB65D8007FD33A0FB847C8F444136DE4E57699DF38E849C724
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_new$R_set_debug$L_cleanse$O_freeO_memcmpO_memdupmemset
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_early_data
                                                                                                                                                                                                                                                    • API String ID: 1127568407-4186250837
                                                                                                                                                                                                                                                    • Opcode ID: c5a19426b107fa456073ed578f30350b7f7ef2be0bf41cf037068ba93a4618df
                                                                                                                                                                                                                                                    • Instruction ID: a76941c51d8ad060599896ce36944f52f1573254fe349617e912493ffcf6bed0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5a19426b107fa456073ed578f30350b7f7ef2be0bf41cf037068ba93a4618df
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2BD19E21A0E686A6FB619B61D4443FA22A8EF847C4F544031ED9E477DDEF3CE945C328
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: N_dupN_free$O_freeO_strdup$R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\tls_srp.c$ssl_srp_ctx_init_intern
                                                                                                                                                                                                                                                    • API String ID: 2354240759-1794268454
                                                                                                                                                                                                                                                    • Opcode ID: c98abb5af24d66d9a004150ee76f33fb4d169395e3b77ac11ed95962e5c191e9
                                                                                                                                                                                                                                                    • Instruction ID: 490176e465fdbefc550d470dc9890824ee4207beee027fc1ba103a64cc04685d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c98abb5af24d66d9a004150ee76f33fb4d169395e3b77ac11ed95962e5c191e9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1A16D22A1BB82A1EB55DF24C4507F83360FF84B88F584136EE5D4739AEF68E595C324
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_freeR_newR_set_debug$O_memdup
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$D:\a\1\s\include\internal/packet.h$tls_process_certificate_request
                                                                                                                                                                                                                                                    • API String ID: 1088637640-3868612116
                                                                                                                                                                                                                                                    • Opcode ID: b3d4ee72d450c4104bcc45599041352343e93147c58bf1fe3bb4d88c0e6ca00e
                                                                                                                                                                                                                                                    • Instruction ID: ebf152b53fc0a71528839202edf2dd3e3571932ff7263a9577fa6a591b83d032
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3d4ee72d450c4104bcc45599041352343e93147c58bf1fe3bb4d88c0e6ca00e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3D1AF72E1AA86A5F7209B61D8416FD23A4FB44BC8F144135DE8D17A9EDF3CE180C768
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$X_free
                                                                                                                                                                                                                                                    • String ID: $ $..\s\ssl\statem\statem_srvr.c$tls_process_cke_gost18
                                                                                                                                                                                                                                                    • API String ID: 1470995052-4050591057
                                                                                                                                                                                                                                                    • Opcode ID: 5b3c2a2a09d53af87e15bfb03ead91d3a04a26f3d1e54f3233eba0e1f7874035
                                                                                                                                                                                                                                                    • Instruction ID: 22646e42c0b7fb9783500ca1d29689adce23f1b78a8782f40d11dbf8673209fe
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b3c2a2a09d53af87e15bfb03ead91d3a04a26f3d1e54f3233eba0e1f7874035
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40816A22B1E682A5F764EB25E816AF92255EFC47C0F904132DD5D03A9AEF3CE504C768
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_freeR_newR_set_debug$memcpy$N1_item_free$O_strndupR_set_errorX509_free_time64
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_asn1.c$d2i_SSL_SESSION
                                                                                                                                                                                                                                                    • API String ID: 1562032665-384499812
                                                                                                                                                                                                                                                    • Opcode ID: f2b67360e93cc7c251f19407536e2c8d2d71b12425aaf939140afabcc349f3e2
                                                                                                                                                                                                                                                    • Instruction ID: 65ebd2adaf74f3c72a14c58d21d427748b7d361dbb7cd274cae01a26e4f2f07d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2b67360e93cc7c251f19407536e2c8d2d71b12425aaf939140afabcc349f3e2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00D10BA2A0AB82A2EB96DF25D5913B833A4FB84BC4F444035DF5D47799DF38E550C328
Memory Dump Source
• Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error$O_freeO_mallocO_zalloc
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_dtls.c$dtls1_hm_fragment_new
                                                                                                                                                                                                                                                    • API String ID: 116187201-3452528785
                                                                                                                                                                                                                                                    • Opcode ID: fe3d50635c5dad81642564eacd2de79c024f78d0fdea9b7383dc89e421b6f0e8
                                                                                                                                                                                                                                                    • Instruction ID: 41645cd8587431f03b54dc905f7594348bfcf15140039e6c9c613b55bd466c00
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe3d50635c5dad81642564eacd2de79c024f78d0fdea9b7383dc89e421b6f0e8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA415B32A1A642B6E720EB29E5415B92360EFD47C4F940035DA4E53A9DEF3CF548C778
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_new$O_freeR_set_debug$O_strdup
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions.c$final_server_name$p
                                                                                                                                                                                                                                                    • API String ID: 3774429508-428839542
                                                                                                                                                                                                                                                    • Opcode ID: a3e9257f2e8818161d247c39271903df726ba5826a3275d388ee6d0be3dc4edf
                                                                                                                                                                                                                                                    • Instruction ID: d0ad0cd916dd7e7b48e51ea2513d26d5cbe361c5b53ee4e7d9ae5f0ffc6aa80e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3e9257f2e8818161d247c39271903df726ba5826a3275d388ee6d0be3dc4edf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0581B032A0A682A6EB529B25D4447F82764FB91BC4F080536DE0D077DADFBCE944C768
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$O_freeO_memdupmemcmp
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_srvr.c$tls_handle_alpn
                                                                                                                                                                                                                                                    • API String ID: 2318126703-2192547331
                                                                                                                                                                                                                                                    • Opcode ID: 1b4f6adfb6fb3290d486012925d32bd95aa5d00e0c2047962478a8a2109de9cd
                                                                                                                                                                                                                                                    • Instruction ID: ac3e45cb5624eff3ccb1c2cf2335c1ba4c6ce0797caa54de040c2e0ef6d8731d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b4f6adfb6fb3290d486012925d32bd95aa5d00e0c2047962478a8a2109de9cd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C61D172B0A682A5E751EF25E4006F96394FBC4BC4F480032DE9C477A9EF38E195C728
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$O_clear_freeO_mallocX_freeX_new_from_pkey
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\s3_lib.c$ssl_decapsulate
                                                                                                                                                                                                                                                    • API String ID: 263585440-1707435976
                                                                                                                                                                                                                                                    • Opcode ID: 8c2c40e7a54a007c36c4bb2541894a11023ae1165b9564b9cf0b833faa39e4ce
                                                                                                                                                                                                                                                    • Instruction ID: 5f66fe84a6cc043b7972c5f19a5265a97428915dce95c76929869f1578d722d5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c2c40e7a54a007c36c4bb2541894a11023ae1165b9564b9cf0b833faa39e4ce
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC41A222A0F682A5F711EB52A8155F96354EF86BD4F440032ED8D47B9AEF3CE105C7A8
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error$O_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$SSL_clear
                                                                                                                                                                                                                                                    • API String ID: 71491925-3113474232
                                                                                                                                                                                                                                                    • Opcode ID: 2095472d90ff3dc08af0a84f1048bf2662dd309149ed0cc4102f33ebd4f18d4f
                                                                                                                                                                                                                                                    • Instruction ID: dfdde3b2f111a1560b4a87a9bc9bf6cf7baed10d9696d75fcb3ef44de2f9866f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2095472d90ff3dc08af0a84f1048bf2662dd309149ed0cc4102f33ebd4f18d4f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1514E76A0AA8291E740EF21D8816BC33A4FB84BD8F484135DE5D4B6DADF38D481C738
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: N_copyN_free$N_dup$O_freeO_strdup
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                                    • API String ID: 3070725730-1778748169
                                                                                                                                                                                                                                                    • Opcode ID: df38dbacce64862afa0680bc413e1b11140b6e2546048526193d0fc8ec849a9d
                                                                                                                                                                                                                                                    • Instruction ID: 61d8837b90ebcc9b14b20a9207816daf056cf666b5265ba0f3175aaf270b6ef3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df38dbacce64862afa0680bc413e1b11140b6e2546048526193d0fc8ec849a9d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65416725A0BA4391FB57AF1594547B832A4EF40FD4F180536DDAD0B79ADF6CA841C338
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error$O_realloc
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$dane_mtype_set
                                                                                                                                                                                                                                                    • API String ID: 945340710-1331952108
                                                                                                                                                                                                                                                    • Opcode ID: a5fb8cdb9169f96d0cee8378669304ac794cc4e23e31b906d06139075d0539ab
                                                                                                                                                                                                                                                    • Instruction ID: 9d063eed6cba82415d9bb51f246a2b8bc1a777ddb1eecf5a8eb4be9c2c861706
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5fb8cdb9169f96d0cee8378669304ac794cc4e23e31b906d06139075d0539ab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A841E226A0A686A2E711EB21E8016F96355FF947C8F844431DE5D03B9AEF3CE441C738
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_free$memcpy
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                                    • API String ID: 1144371060-3140652063
                                                                                                                                                                                                                                                    • Opcode ID: 005eac6e481a255bb56be3ad85b278dab1839147e7f3a6c68da57bdba1b2c1c7
                                                                                                                                                                                                                                                    • Instruction ID: 0a8947e72a60bf32545593a21185cabf67c676521ff54ce2a889b26b0e6bd2bd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 005eac6e481a255bb56be3ad85b278dab1839147e7f3a6c68da57bdba1b2c1c7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C618C36B0AA42A1EB54EB1AD4512B92361FB80FD4F144036DE4D4B79DEF3DE592C328
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error$D_lock_newO_freeO_zalloc
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_cert.c$ssl_cert_new
                                                                                                                                                                                                                                                    • API String ID: 1324884158-262037048
                                                                                                                                                                                                                                                    • Opcode ID: ac9b3856b89b31155a62abe4f320fdad406f86a0010b402bd73e260b736204f7
                                                                                                                                                                                                                                                    • Instruction ID: 381e67db85e2a13273a0f4f1dac0820dd2cd3f6e74c277600f1b9fea3363c18b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac9b3856b89b31155a62abe4f320fdad406f86a0010b402bd73e260b736204f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C221B4B1B0AB42A1F742EB64D8527F93260EF44788F940035D95C0639AFF7CA585C778
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: N_free$O_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                                    • API String ID: 3506937590-1778748169
                                                                                                                                                                                                                                                    • Opcode ID: 7b07e68a913cde0de273ed0ac5f4a265e6d35516b7a9a954a98d34e674c1fcca
                                                                                                                                                                                                                                                    • Instruction ID: 62cd58fe09843fec5b7c6f7e1a771250a0a53e9f573ce00303d6a6eb3c15ca7c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b07e68a913cde0de273ed0ac5f4a265e6d35516b7a9a954a98d34e674c1fcca
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5210E13E1A68291F750EF35C8917FC2320EBD5B88F186631EE5D4A15AEF68A5D0C334
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: N_free$O_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                                    • API String ID: 3506937590-1778748169
                                                                                                                                                                                                                                                    • Opcode ID: ee429db63b92b44f81d7029380106cb7e58cc14c187a489d3b6a82d9d9f87fd8
                                                                                                                                                                                                                                                    • Instruction ID: 014ee26d26a82cdacba3a905fb3ba3c1ffe2991def29b06dc63a4f8cc7f923a9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee429db63b92b44f81d7029380106cb7e58cc14c187a489d3b6a82d9d9f87fd8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52210C13E1AA8291F740EF25C8917FC2320EBD5B88F186631EE5D4A15AEF68A5D0C324
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_clear_flagsO_set_dataO_set_initO_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\bio_ssl.c$ssl_new
                                                                                                                                                                                                                                                    • API String ID: 3664107999-4057307684
                                                                                                                                                                                                                                                    • Opcode ID: 4fe9d9adf47ecfc145edde16cadadc46be57d833d6aa4bd709a0663bcd577224
                                                                                                                                                                                                                                                    • Instruction ID: acc55a93a9b9b747e10b9dde3caa3c68947962f272b60ec697d948e3a3faff0a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4fe9d9adf47ecfc145edde16cadadc46be57d833d6aa4bd709a0663bcd577224
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99110A66B1E1C261E745EB39A8611F82711EF897D4F4C4170D79C0368BEF2CD854C714
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: L_sk_newL_sk_pushL_sk_sortO_freeO_mallocP_get_nameP_get_typeP_zlib
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                                                    • API String ID: 439358363-1847046956
                                                                                                                                                                                                                                                    • Opcode ID: ca5298499ed06fed10ddc4ea8fc59caf3b95fe992f612a6575fa8e4e939db649
                                                                                                                                                                                                                                                    • Instruction ID: 731e881faa246c4fe93f5f13868f5a6e4c96104636c22e6b2325618f7aca6fe8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca5298499ed06fed10ddc4ea8fc59caf3b95fe992f612a6575fa8e4e939db649
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46114660E0AA02A2FB01EF66B9553F82695FFD4BC1F440136D91D1639AEF2CE1408738
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309270963.00007FF8B8F71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8f70000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                                                                                    • Opcode ID: 3f1457cb40ba07d85a9440bc03577fdca5d72a94ac209a419e2686ff93dec302
                                                                                                                                                                                                                                                    • Instruction ID: 372240e4a723840c3152c8d070f45cb28bac4ead460dd252c934c418d831d806
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f1457cb40ba07d85a9440bc03577fdca5d72a94ac209a419e2686ff93dec302
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5315C76608E8195FB608F68E8503ED3764FB84789F44403ADB4E47B88EF38D549C714
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$O_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_supported_groups
                                                                                                                                                                                                                                                    • API String ID: 1233037391-3902054871
                                                                                                                                                                                                                                                    • Opcode ID: 30f95744352fd8dd662230022af1eb064458d4dd2e3cb61ce782a8fa55aceb54
                                                                                                                                                                                                                                                    • Instruction ID: c283efb2c4ceebc63c9feea26d4c0bbd36db258053b88fb4cbb57573595412ed
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30f95744352fd8dd662230022af1eb064458d4dd2e3cb61ce782a8fa55aceb54
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A041F722F0F682A6E7618B24E5457FD67A4FB943C4F404231EA8C43A89DF3CE691C718
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_freeO_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$SSL_client_hello_get1_extensions_present
                                                                                                                                                                                                                                                    • API String ID: 3444577743-3548336300
                                                                                                                                                                                                                                                    • Opcode ID: a56876e12d39964c807f56196d92a1230fa0c8438abcbc10f6e1a163227674f9
                                                                                                                                                                                                                                                    • Instruction ID: 6fa6310ddc6cb2222f9113e86cd446feebc51b05a5a2c0eaa7cab812056013ec
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a56876e12d39964c807f56196d92a1230fa0c8438abcbc10f6e1a163227674f9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB41A0B6B0BB42A2EB51CB15D8452B92361FB44BC8F948431DB0D47795EF7DE441C368
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_free$R_newR_set_debugX_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_as_hello_retry_request
                                                                                                                                                                                                                                                    • API String ID: 1348149560-64018843
                                                                                                                                                                                                                                                    • Opcode ID: 213024ec94c4d53020c4a3cdbc762f6ab868902f1250f0574e6c7262abefee5e
                                                                                                                                                                                                                                                    • Instruction ID: c712f3fc3a72e0a091366f749b05d634585266114093b51dacc5144b0d39e5c7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 213024ec94c4d53020c4a3cdbc762f6ab868902f1250f0574e6c7262abefee5e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9231C022B0969192F720DB65E5003BEA364FB85BC0F504132EE8C47A8EDF2DD551CB18
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_freeO_memdupR_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_clnt.c$D:\a\1\s\include\internal/packet.h$tls_parse_stoc_cookie
                                                                                                                                                                                                                                                    • API String ID: 1971062095-124488715
                                                                                                                                                                                                                                                    • Opcode ID: b1ad6ea68d2d557ef85a4ab732bcfafd8b4bd79c5b116be8b9ddc289d91a6fca
                                                                                                                                                                                                                                                    • Instruction ID: 68820d5b3ab51c39e280d648d7f7033710562f606fcd5e7afa57af4f8da09755
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1ad6ea68d2d557ef85a4ab732bcfafd8b4bd79c5b116be8b9ddc289d91a6fca
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6231E522F1EA9192E7109F25E4516B973A0FB887C8F544131EB9C43759EF3CE6A1C718
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: L_sk_newL_sk_pushL_sk_sortO_freeO_mallocP_get_type
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                                                    • API String ID: 2104156618-1847046956
                                                                                                                                                                                                                                                    • Opcode ID: eef5b8276f723590ae552029806c1d764aadef3c947d5a7e729dc9ea54875f5f
                                                                                                                                                                                                                                                    • Instruction ID: b9343ab7f7a1443959f489e6fdb46b9e9cd2ade3db6b78d88130c7674117c469
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eef5b8276f723590ae552029806c1d764aadef3c947d5a7e729dc9ea54875f5f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2112860E0A602A2FB01EB66A9553F82295EFD4BC1F440032E91C4779AFF2DE5508238
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: D_run_onceL_sk_findL_sk_valueR_fetchR_get_flags
                                                                                                                                                                                                                                                    • String ID: NULL
                                                                                                                                                                                                                                                    • API String ID: 186275343-324932091
                                                                                                                                                                                                                                                    • Opcode ID: 96dbb3e44e6d8595a7ef43a1074c1e4d25d4eb8f3a87006026facb1582cd581d
                                                                                                                                                                                                                                                    • Instruction ID: f4513337e6895dc96d78fe830ec189288c8c21da069da82bff3035a54f428d77
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96dbb3e44e6d8595a7ef43a1074c1e4d25d4eb8f3a87006026facb1582cd581d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F916DB1A0A642A6FB628F11D8543B933A0EF44BD4F95853ADB9D46785DF3CE841C32C
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: C_freeO_freeO_zallocX_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\t1_lib.c$HMAC
                                                                                                                                                                                                                                                    • API String ID: 1369405219-2203423191
                                                                                                                                                                                                                                                    • Opcode ID: 99c0f417389e3b353b54abd066b1e68878303dbd4918a570d850ad37f43cb307
                                                                                                                                                                                                                                                    • Instruction ID: 52d377baa1b90dec3f1a0575edd07c04c7b66c3aa46c466ce3a6a77d3e104ea6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99c0f417389e3b353b54abd066b1e68878303dbd4918a570d850ad37f43cb307
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB214411B0BA4265EA55DB56F44157D5390FF88BC0F440036EA5E47799FF2CE581C724
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\crypto\packet.c$WPACKET_start_sub_packet_len__
                                                                                                                                                                                                                                                    • API String ID: 3755831613-182491764
                                                                                                                                                                                                                                                    • Opcode ID: c24971b285db655ec1f09dd86150250d1c9e63bb8f1a94002749296bda690d79
                                                                                                                                                                                                                                                    • Instruction ID: 72e018ad5e619eb3d5f12330bfcca484b2c139de89b16f7c98fc9ae6edda93b6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c24971b285db655ec1f09dd86150250d1c9e63bb8f1a94002749296bda690d79
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D21E262B0AB4191EB49DB14EA453B863A8FF58BC4F444131DA5C43799EF3CDDA0C358
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\pqueue.c$pitem_new
                                                                                                                                                                                                                                                    • API String ID: 2261483606-3588450676
                                                                                                                                                                                                                                                    • Opcode ID: 2447197149105a9a7f2e62b8085106e6dc276fbd0a93872979345275ebd51390
                                                                                                                                                                                                                                                    • Instruction ID: 67faf73dd78e399ddf409f599ef250bcdf7dc136aa8ca31840223e031e7c57b9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2447197149105a9a7f2e62b8085106e6dc276fbd0a93872979345275ebd51390
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2601B172B1AB41A5E780DB15E8417F833A4EB487C0F944036EA1C4379AEF3CE644CB14
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\crypto\packet.c$WPACKET_start_sub_packet_len__
                                                                                                                                                                                                                                                    • API String ID: 3755831613-182491764
                                                                                                                                                                                                                                                    • Opcode ID: 1e86a7e218a2b9a8da94cbb508a3880bb7488e5f87c8f8817e4e08ba21853980
                                                                                                                                                                                                                                                    • Instruction ID: 66d51ca50c4077e6f238f5fcb4ac95463b708c8ad300c91595a5b75536144c59
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e86a7e218a2b9a8da94cbb508a3880bb7488e5f87c8f8817e4e08ba21853980
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 150171A2A06B4191E704EB60E8553B932A4FB58BC4F944134D90C47795EF3DDAD5C364
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_mallocR_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\record\ssl3_buffer.c$ssl3_setup_read_buffer
                                                                                                                                                                                                                                                    • API String ID: 4191474876-3943321158
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CRYPTO_realloc.LIBCRYPTO-3(?,?,?,00007FF8A8206F5A,?,?,?,00007FF8A8206A2E), ref: 00007FF8A8206D55
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_realloc
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_cust.c$3$t3
                                                                                                                                                                                                                                                    • API String ID: 3931833713-171970420
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                                                    • API String ID: 2581946324-3973221358
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_freeO_strdup
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                                                                                    • API String ID: 2148955802-1527728938
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_freeX_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                                    • API String ID: 2813942177-1643863364
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                                    • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                                                    • API String ID: 2581946324-1306860146
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                                    • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                                                    • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: D_read_lockD_unlock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error$L_sk_set_cmp_funcX509_$E_freeM_read_bio_O_freeX509X509_free$E_dupErrorL_sk_findL_sk_pushLastO_ctrlO_newO_s_fileO_snprintfR_clear_errorR_endR_readX509_get_subject_name_errno_stat64i32
                                                                                                                                                                                                                                                    • String ID: %s/%s$..\s\ssl\ssl_cert.c$SSL_add_dir_cert_subjects_to_stack$SSL_add_file_cert_subjects_to_stack$calling OPENSSL_dir_read(%s)
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_set_debug$M_construct_octet_string$R_newR_set_errorX_free$D_get0_nameD_get_sizeF_deriveF_fetchF_freeM_construct_endM_construct_intM_construct_utf8_stringX_new
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\tls13_enc.c$TLS13-KDF$data$digest$key$label$mode$prefix$tls13 $tls13_hkdf_expand
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                                                                                    • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                                                                                                                                                                                    • API String ID: 2943138195-1482988683
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: X509_X_set0_default$E_freeH_freeM_read_bio_O_freeR_newX509X509_free$E_dupH_newH_retrieveL_sk_new_nullL_sk_pop_freeO_ctrlO_newO_s_fileR_clear_errorR_set_debugR_set_errorX509_get_subject_nameX509_new_ex
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_cert.c$SSL_load_client_CA_file_ex
                                                                                                                                                                                                                                                    • API String ID: 1433350638-4230349072
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EVP_MD_CTX_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBB84
                                                                                                                                                                                                                                                    • EVP_MD_CTX_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBB8C
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBBED
                                                                                                                                                                                                                                                    • EVP_DigestInit_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBC01
                                                                                                                                                                                                                                                    • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBC19
                                                                                                                                                                                                                                                    • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBC38
                                                                                                                                                                                                                                                    • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBC55
                                                                                                                                                                                                                                                    • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBC72
                                                                                                                                                                                                                                                    • EVP_DigestFinal_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBC8A
                                                                                                                                                                                                                                                    • EVP_DigestInit_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBCA2
                                                                                                                                                                                                                                                    • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBCC1
                                                                                                                                                                                                                                                    • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBCDC
                                                                                                                                                                                                                                                    • EVP_DigestFinal_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBCFB
                                                                                                                                                                                                                                                    • OPENSSL_cleanse.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBD1E
                                                                                                                                                                                                                                                    • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBD30
                                                                                                                                                                                                                                                    • ERR_set_debug.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBD48
                                                                                                                                                                                                                                                    • EVP_DigestFinal_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBD5A
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBD71
                                                                                                                                                                                                                                                    • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBD78
                                                                                                                                                                                                                                                    • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBD84
                                                                                                                                                                                                                                                    • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBD90
                                                                                                                                                                                                                                                    • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBD9C
                                                                                                                                                                                                                                                    • ERR_set_debug.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBDB4
                                                                                                                                                                                                                                                    • EVP_MD_CTX_free.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBDD1
                                                                                                                                                                                                                                                    • EVP_MD_CTX_free.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A81BC4CB), ref: 00007FF8A81BBDD9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Digest$Update$R_new$Final_ex$Init_exR_set_debugX_freeX_new$L_cleansememcpymemset
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\s3_enc.c$A$ssl3_generate_key_block
                                                                                                                                                                                                                                                    • API String ID: 4105275626-2069633906
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_client_hello
                                                                                                                                                                                                                                                    • API String ID: 193678381-3629367348
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: DSA$RSA$gfffffff
                                                                                                                                                                                                                                                    • API String ID: 0-2263753174
                                                                                                                                                                                                                                                    • Opcode ID: de93300cda38d9fab00c6d2ac7951e5a915e570a899abb6ed72b62b95e554886
                                                                                                                                                                                                                                                    • Instruction ID: 03d419e791cf902ecbd715619db18136d88af8b7b684849e0ba1e03fab6e0e25
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de93300cda38d9fab00c6d2ac7951e5a915e570a899abb6ed72b62b95e554886
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7D1B031A0E68367FA669A2695503BA52C5FF857C8F540832ED4E877D5FF3CE440C228
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CipherR_get0_providerR_newR_set_debug$M_construct_endM_construct_octet_ptrUpdateX_get0_cipherX_get_block_sizeX_get_paramsmemmovememset
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\record\ssl3_record.c$ssl3_enc$tls-mac
                                                                                                                                                                                                                                                    • API String ID: 498158591-3426545738
                                                                                                                                                                                                                                                    • Opcode ID: edfa38cf77493220b5f00a39213bd31510e8c999d8efc3161f2a847f00506121
                                                                                                                                                                                                                                                    • Instruction ID: 1e033b173ba221562dab90e608b4f222a8129df674c008d8f859b3d02dce754f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: edfa38cf77493220b5f00a39213bd31510e8c999d8efc3161f2a847f00506121
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA71A222A0EB86A1EB669B15E5017FA6364FF887C8F444132DE8D43B55EF7CE584C314
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_conf.c$<EMPTY>$SSL_CONF_cmd$cmd=%s$cmd=%s, value=%s$ctrl_switch_option
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2097058995
                                                                                                                                                                                                                                                    • Opcode ID: d37e8bc2247db8ea39923370b579b9681b4d89a9bf636e9b0f7c3792bd37da76
                                                                                                                                                                                                                                                    • Instruction ID: 05cd032ef4113e5d938a85ba2134def61d3ca1d5970a37ebca03dd9971531edb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d37e8bc2247db8ea39923370b579b9681b4d89a9bf636e9b0f7c3792bd37da76
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A61B2A6A0E642A2FB42DB58E8512F96361EB847C4F584032DF4C43BD9DF3CD945C758
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309270963.00007FF8B8F71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8f70000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Eval_Thread$Err_Thread_acquire_lock_timedTime_$CallsDeadline_FromMakeMicrosecondsModuleNoneObjectPendingRestoreSaveSecondsState_StringThread_release_lockType_
                                                                                                                                                                                                                                                    • String ID: 'timeout' must be a non-negative number$timeout value is too large
                                                                                                                                                                                                                                                    • API String ID: 1400298838-4256478105
                                                                                                                                                                                                                                                    • Opcode ID: 024861a6106d3aa4d6ddea22c97cbfe2d1fb6628fe90f464c247d24666294212
                                                                                                                                                                                                                                                    • Instruction ID: f78618e33a96c2b42624cbbcc493d7ea6e881779609162e5be75f21fd9e11d8b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 024861a6106d3aa4d6ddea22c97cbfe2d1fb6628fe90f464c247d24666294212
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC515139B08E13A2F6109B5AE8541396BA0FB88BD6F404531CF1E87B94DF7CE456C319
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$SSL_dane_enable
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2910236719
                                                                                                                                                                                                                                                    • Opcode ID: 732e637d63d256db1ddb73eaab57dc461342250b7c3bd114a68d03938ad656e2
                                                                                                                                                                                                                                                    • Instruction ID: dddb7f455a0f15e1a4e70f14845c12302df22bd1c442d06ee1881578aaa8530b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 732e637d63d256db1ddb73eaab57dc461342250b7c3bd114a68d03938ad656e2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC41B3A1B2E682B2F790DB25E8427FC2250EF847D4FD41231E62C026DAEF2CD545C768
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_new$D_get_sizeR_set_debugY_get_size
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\t1_lib.c$gfffffff$gfffffff$gfffffff$tls_choose_sigalg
                                                                                                                                                                                                                                                    • API String ID: 2573607796-412855087
                                                                                                                                                                                                                                                    • Opcode ID: c15afbe78bb01bcd70d637c6ea06af671b4bd5f70e8894de1d5a8abfe34ba7f4
                                                                                                                                                                                                                                                    • Instruction ID: 6921a2bb27f451c9d1657052d91a085ccb10e4185610dc187366bf370f3e7c2c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c15afbe78bb01bcd70d637c6ea06af671b4bd5f70e8894de1d5a8abfe34ba7f4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12C1D021B0A646A7EB2A9B22A0403B96291FF81BD4F444132DE5E477D5FF3CF452C329
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                                                                                                                                    • String ID: `anonymous namespace'
                                                                                                                                                                                                                                                    • API String ID: 3863519203-3062148218
                                                                                                                                                                                                                                                    • Opcode ID: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                                                                                                                                                                                                    • Instruction ID: 956e9d08a24cd471b88259dd6a27d2a89bd28e3e3a8110ab969681c911281239
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEE15B72A08BC299EB10CF28D8801AD7BA0FB457A5F406136EB8D57B69DF3CE555C710
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ERR_new.LIBCRYPTO-3(?,?,00000000,?,?,?,00007FF8A8214BBB), ref: 00007FF8A82129DC
                                                                                                                                                                                                                                                    • ERR_set_debug.LIBCRYPTO-3(?,?,00000000,?,?,?,00007FF8A8214BBB), ref: 00007FF8A82129F4
                                                                                                                                                                                                                                                    • ERR_new.LIBCRYPTO-3(?,?,00000000,?,?,?,00007FF8A8214BBB), ref: 00007FF8A8212A21
                                                                                                                                                                                                                                                    • ERR_set_debug.LIBCRYPTO-3(?,?,00000000,?,?,?,00007FF8A8214BBB), ref: 00007FF8A8212A39
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$No ciphers enabled for max supported SSL/TLS version$ssl_cipher_list_to_bytes
                                                                                                                                                                                                                                                    • API String ID: 193678381-2593539604
                                                                                                                                                                                                                                                    • Opcode ID: d584ddfe7eaa467390292888a7cbf4e4318d3ca9e1b883146ba12cac7ef17471
                                                                                                                                                                                                                                                    • Instruction ID: 5eb95e213d7b3f1b74276b1d86f796d4166cabae1649c2d199d4c1f396f3111e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d584ddfe7eaa467390292888a7cbf4e4318d3ca9e1b883146ba12cac7ef17471
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F71D232B0A683A2FB11DB25E8417B92290EF84BD4F544031EE4D47AD9DF3CE981C768
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$L_sk_numL_sk_valueO_new
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_lib.c$No ciphers enabled for max supported SSL/TLS version$The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers$tls_setup_handshake
                                                                                                                                                                                                                                                    • API String ID: 2488525820-2497654048
                                                                                                                                                                                                                                                    • Opcode ID: 1ea2abbcb0a5b0ea4211ad3b53fc8916c12df6fa479c93c6fe42d2783a054ee4
                                                                                                                                                                                                                                                    • Instruction ID: d6a3d48db008322c7d11fad9fe84dd38f0ce1fcbbd82ddf2384d6b3a4dca1d99
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ea2abbcb0a5b0ea4211ad3b53fc8916c12df6fa479c93c6fe42d2783a054ee4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3491CE72A0A682A6E750DF25D4447B92360FBC4BC8F544136DE8C4769EEF3CE581C768
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DigestSign$Update$D_get_sizeFinalM_construct_endM_construct_size_tR_get_modeX_ctrlX_freeX_get0_cipherX_get0_mdX_get_pkey_ctxX_newX_set_params
                                                                                                                                                                                                                                                    • String ID: tls-data-size
                                                                                                                                                                                                                                                    • API String ID: 2598929643-2895545602
                                                                                                                                                                                                                                                    • Opcode ID: 1a7a7e676e8a85e5fd75f23676235adf632c74f96e1659e0a6875ff832f67887
                                                                                                                                                                                                                                                    • Instruction ID: c7ef41c57a4dca3a035e0a50f4d25a077e4708f5a9900bb4a825790422f4ce02
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a7a7e676e8a85e5fd75f23676235adf632c74f96e1659e0a6875ff832f67887
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4281D422E0AB82A5E712DB65D4003BD27A0FB95BC8F048132EE4D5B755EF7CE546D324
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: E_dupL_sk_new_reserveL_sk_numL_sk_pushL_sk_valueR_newR_set_debugR_set_errorX509_
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_cert.c$SSL_dup_CA_list
                                                                                                                                                                                                                                                    • API String ID: 876855465-3127325357
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: NameName::$Name::operator+atolswprintf_s
                                                                                                                                                                                                                                                    • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                                                                                                                                                                                    • API String ID: 2331677841-2441609178
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EVP_MD_get_size.LIBCRYPTO-3(?,0000077C,?,?,00007FF8A81F0FE3), ref: 00007FF8A81EEC92
                                                                                                                                                                                                                                                    • ERR_new.LIBCRYPTO-3(?,0000077C,?,?,00007FF8A81F0FE3), ref: 00007FF8A81EEC9B
                                                                                                                                                                                                                                                    • ERR_set_debug.LIBCRYPTO-3(?,0000077C,?,?,00007FF8A81F0FE3), ref: 00007FF8A81EECB3
                                                                                                                                                                                                                                                    • EVP_CipherInit_ex.LIBCRYPTO-3(?,0000077C,?,?,00007FF8A81F0FE3), ref: 00007FF8A81EEE98
                                                                                                                                                                                                                                                    • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-3(?,0000077C,?,?,00007FF8A81F0FE3), ref: 00007FF8A81EEEAD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CipherD_get_sizeInit_exR_newR_set_debugX_ctrl
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\tls13_enc.c$derive_secret_key_and_iv$key
                                                                                                                                                                                                                                                    • API String ID: 2359698082-1803617066
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_puts$O_indentO_printfX509X509_freed2i_
                                                                                                                                                                                                                                                    • String ID: ------details-----$------------------$<TRAILING GARBAGE AFTER CERTIFICATE>$<UNPARSEABLE CERTIFICATE>$ASN.1Cert, length=%d
                                                                                                                                                                                                                                                    • API String ID: 4063798575-1858050172
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_certificate$ssl_set_cert
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$ssl_write_internal
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error$X509X509_freeX509_new_exd2i_
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_certificate_ASN1
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: D_freeD_newD_push_D_push_uintD_to_paramM_freeN_freeN_get_rfc3526_prime_8192X_freeX_new_from_nameY_fromdataY_fromdata_init
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8216C91), ref: 00007FF8A8219C1C
                                                                                                                                                                                                                                                    • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8216C91), ref: 00007FF8A8219C39
                                                                                                                                                                                                                                                    • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8216C91), ref: 00007FF8A8219C56
                                                                                                                                                                                                                                                    • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8216C91), ref: 00007FF8A8219C6F
                                                                                                                                                                                                                                                    • X509_get0_pubkey.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8216C91), ref: 00007FF8A8219CA7
                                                                                                                                                                                                                                                    • ERR_new.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8216C91), ref: 00007FF8A8219CD0
                                                                                                                                                                                                                                                    • ERR_set_debug.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8216C91), ref: 00007FF8A8219CE8
                                                                                                                                                                                                                                                    • ERR_new.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8216C91), ref: 00007FF8A8219D06
                                                                                                                                                                                                                                                    • ERR_set_debug.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8216C91), ref: 00007FF8A8219D1E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: N_bin2bn$R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_ske_srp
                                                                                                                                                                                                                                                    • API String ID: 589648786-2175212704
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: L_sk_numL_sk_valueR_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_use_srtp
                                                                                                                                                                                                                                                    • API String ID: 2660725122-2269544924
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_ctrlO_int_ctrlO_method_typeO_newO_s_socketO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$SSL_set_wfd
                                                                                                                                                                                                                                                    • API String ID: 475579866-2547745303
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$SSL_check_private_key
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2796319112
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 4223619315-393685449
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Replicator::operator[]
                                                                                                                                                                                                                                                    • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
Memory Dump Source
• Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
Similarity
• API ID: R_newR_set_debug$DigestO_writeUpdate
• String ID: ..\s\ssl\s3_enc.c$ssl3_finish_mac
Memory Dump Source
• Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
Similarity
• API ID: O_f_bufferO_int_ctrlO_newO_push
• String ID: ..\s\ssl\ssl_lib.c$ssl_init_wbio_buffer
Memory Dump Source
• Source File: 00000002.00000002.3309270963.00007FF8B8F71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F70000, based on PE: true
• Associated: 00000002.00000002.3309240746.00007FF8B8F70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.3309322062.00007FF8B8F73000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.3309340812.00007FF8B8F75000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.3309359337.00007FF8B8F76000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8b8f70000_0jNz7djbpp.jbxd
Similarity
• API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
• String ID:
Memory Dump Source
• Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
• Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
Similarity
• API ID: Name::operator+
• String ID:
Memory Dump Source
• Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
Similarity
• API ID: R_newR_set_debug$X_copy_exX_freeX_new
• String ID: ..\s\ssl\statem\statem_lib.c$tls13_save_handshake_digest_for_pha
                                                                                                                                                                                                                                                    • API String ID: 401794203-262298153
                                                                                                                                                                                                                                                    • Opcode ID: 24e92c9d1fa788a2a7cd987a161bfd58b78f247f229c5a50568caab08e5465c4
                                                                                                                                                                                                                                                    • Instruction ID: 3fa2e647c219b575257033c74d51c243997e237a5aae7d82defacdd7e75f8a8e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24e92c9d1fa788a2a7cd987a161bfd58b78f247f229c5a50568caab08e5465c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E117C71E1B682B1FB51EB65D816BF82250EF847C4F480031DE1C466DAFF3CA5818278
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_ctrlO_freeO_newO_s_fileR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_txt.c$SSL_SESSION_print_fp
                                                                                                                                                                                                                                                    • API String ID: 1031916422-1029007293
                                                                                                                                                                                                                                                    • Opcode ID: 106a9bd55cb2b8fb8e07b790415dcdd5f0f90def6dcc75b4bb8a8cafdc8ce664
                                                                                                                                                                                                                                                    • Instruction ID: 02799a1ac8295387cecddc116bf39fb6c76cc842077b89720bbe3352fdfefd60
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 106a9bd55cb2b8fb8e07b790415dcdd5f0f90def6dcc75b4bb8a8cafdc8ce664
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F001E521B2E64262E740F766E9425B95351EF887C0F440031F95D43B9EEF2CE545C724
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 211107550-393685449
                                                                                                                                                                                                                                                    • Opcode ID: aad8d4203d0b1849c4fce47835e3c613ec0ba3b35d99662ed70f641d37e67567
                                                                                                                                                                                                                                                    • Instruction ID: b961ca046477a3ae428f48a646d8a46bc4f32263d61e09adfb67c01379c2cc6c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aad8d4203d0b1849c4fce47835e3c613ec0ba3b35d99662ed70f641d37e67567
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03E18E73908BC28AE7209F79D4802AD7BA0FB457A9F142235EB8D57796CF78E581C700
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions.c$tls_construct_extensions
                                                                                                                                                                                                                                                    • API String ID: 193678381-3223585116
                                                                                                                                                                                                                                                    • Opcode ID: 08c787ae1785d2847f6281a6e49616cb10735eef7c1c654edfaa429469bbfcdf
                                                                                                                                                                                                                                                    • Instruction ID: 045a91797fe523b8b732dde5b12237911ad36f7dccc0fe1ba42905cf498915b4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08c787ae1785d2847f6281a6e49616cb10735eef7c1c654edfaa429469bbfcdf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5451F522A0D68266F761DB26E804BB92294FF847C4F444032DE8D437D9DFBCE945C768
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Digest$Final_exInit_ex$UpdateX_freeX_new
                                                                                                                                                                                                                                                    • String ID: exporter
                                                                                                                                                                                                                                                    • API String ID: 3991325671-111224270
                                                                                                                                                                                                                                                    • Opcode ID: c449bca63d821f0470d4603290d40571543344f1adfc599f327d5d276f3cdc0f
                                                                                                                                                                                                                                                    • Instruction ID: cdcb088bb453b196c8d0d5ad968332ff39e00b2d8c297c98c00099b723500c73
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c449bca63d821f0470d4603290d40571543344f1adfc599f327d5d276f3cdc0f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1517232A0A78256EB629B11E9507FA6394FF89BC4F400132EE8D47749EF7CE944C754
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                                                                                    • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                                                                                                                                                    • API String ID: 2943138195-2239912363
                                                                                                                                                                                                                                                    • Opcode ID: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                                                                                                                                                                                                                                    • Instruction ID: 554ada808f17a41db1697e577b7f4e96fb850b2afce1a5c5409a0978bb931aa6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D514E62E18B959CFB118F68E8402BD7BB0BB0A7AAF445136DB8D12B95DF3C9154C710
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_indentO_printf
                                                                                                                                                                                                                                                    • String ID: ,$NamedGroup: %s (%d)$UNKNOWN$key_exchange:
                                                                                                                                                                                                                                                    • API String ID: 1860387303-2250237447
                                                                                                                                                                                                                                                    • Opcode ID: a7e4a581b3082178f443201ce1f4ff9de1b91a4622e204e9bc047db4b18d94d1
                                                                                                                                                                                                                                                    • Instruction ID: 947ac4ce933596e406c2e80c722707b22f0f1918f7d8a3c082e2730dbf992b62
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7e4a581b3082178f443201ce1f4ff9de1b91a4622e204e9bc047db4b18d94d1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89410222A1E6E2A6EA22CB19D8041B92F91EB41FC0F094433DD5D17395EF3DE542C728
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_new$R_set_debug$M_grow_clean
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_dtls.c$dtls1_preprocess_fragment
                                                                                                                                                                                                                                                    • API String ID: 3867660093-2459173683
                                                                                                                                                                                                                                                    • Opcode ID: bcad1f618a939515b9b17526c2b9d3bd63af1911f2b4686603d2ad312544bc0b
                                                                                                                                                                                                                                                    • Instruction ID: b1c52b8d7e637814b663e36ead7d48692209d90d831380d0b8b9088bf57777ff
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bcad1f618a939515b9b17526c2b9d3bd63af1911f2b4686603d2ad312544bc0b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64316F72B0AB81A5E7909B15E4413FD6760EB98BC4F544032DE4D477AADF3CD482C728
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\d1_msg.c$dtls1_write_app_data_bytes
                                                                                                                                                                                                                                                    • API String ID: 1552677711-1870589286
                                                                                                                                                                                                                                                    • Opcode ID: d7058bece10e3601f4c0f81150a421c5e6d30c6262cad76699e9cbfd2afccac0
                                                                                                                                                                                                                                                    • Instruction ID: c9cc3244a4ffe4dde72a8c66eec5e9ecdc5c8e985b4abfbdef86725978ba7af6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7058bece10e3601f4c0f81150a421c5e6d30c6262cad76699e9cbfd2afccac0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1221B361F0E68665F351EB21E8157F96218FF95BD4F600131E95C03BDADF2CE810C268
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\tls_depr.c$SSL_CTX_set_client_cert_engine
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2801407537
                                                                                                                                                                                                                                                    • Opcode ID: dd8926da48fe554bf7bef03d4ee45b681770d80b6e123e6bbc4578b5fef0e44d
                                                                                                                                                                                                                                                    • Instruction ID: 3520ddd519d8fdde20ba901765b1deb4b6a5485492c5ab5b4d910a4fa7239297
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd8926da48fe554bf7bef03d4ee45b681770d80b6e123e6bbc4578b5fef0e44d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC115E61F1E24262F785E735E9426F91251EF883C0F945031E92D42BDBEF2CE9948628
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$R_set_error$Y_freeY_get_security_bits
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                                                    • API String ID: 3247900180-780421027
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_set_flags$O_set_retry_reason$O_clear_flagsO_get_retry_reason
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3610643084-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                                                                                                                                                                                                    • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                                                                                                                                                                                    • API String ID: 1852475696-928371585
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F67069
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F67077
                                                                                                                                                                                                                                                    • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F67090
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F670A2
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F67110
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF8B9F671A3,?,?,00000000,00007FF8B9F66FD4,?,?,?,?,00007FF8B9F66D11), ref: 00007FF8B9F6711C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 916704608-2084034818
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_new$R_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\record\ssl3_record.c$early_data_count_ok
                                                                                                                                                                                                                                                    • API String ID: 476316267-4150192623
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$memcpy
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$dtls_process_hello_verify
                                                                                                                                                                                                                                                    • API String ID: 31086664-1847652839
                                                                                                                                                                                                                                                    • Opcode ID: 2c88d434c8cf1806e8fd1677df89b65b16c9a3f0bfbfd464e2d8ae8238af89f1
                                                                                                                                                                                                                                                    • Instruction ID: 314eb0e01e2374f878c062ae612f87453fb6766dda68ab03e4fef34082c55e03
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c88d434c8cf1806e8fd1677df89b65b16c9a3f0bfbfd464e2d8ae8238af89f1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5821B4A2F1DA8561E720DB24E9012B96360FF897D0F848231EA9C437DAEF3CE591C714
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug$memcpy
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$dtls_process_hello_verify
                                                                                                                                                                                                                                                    • API String ID: 31086664-1847652839
                                                                                                                                                                                                                                                    • Opcode ID: 1fe6c31ecea433c8facf989d7f46b2bc88c07b2a138a6b116675d1ff8645ff0d
                                                                                                                                                                                                                                                    • Instruction ID: 940cadc808a7fb76b6185ea6e260015e06036e43577113134c1ea6c57c0ccf46
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1fe6c31ecea433c8facf989d7f46b2bc88c07b2a138a6b116675d1ff8645ff0d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D521D3B2F19B8551E7109B25E8412B9A351EF94BD0F449232EE9D037EEEF3CE4808714
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_errorY_freeY_up_ref
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_rsa.c$ssl_set_pkey
                                                                                                                                                                                                                                                    • API String ID: 4194652714-507513155
                                                                                                                                                                                                                                                    • Opcode ID: 39f4fb155c2929f564d4ecb20fc359980c90a3723bdfcedffaf70fc587f1c144
                                                                                                                                                                                                                                                    • Instruction ID: e326ab5fa8ecce8c3860239dc59377dfcf79b481e511509f453346eeedf896a7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39f4fb155c2929f564d4ecb20fc359980c90a3723bdfcedffaf70fc587f1c144
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA21DF62B19A42A2EF40DB15E8812BD6360FB89BC0F944132EB4D4379AEF3CD561C724
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$SSL_set_fd
                                                                                                                                                                                                                                                    • API String ID: 2935861444-3152457077
                                                                                                                                                                                                                                                    • Opcode ID: 17fc1f9a6157696bf755d150d7f584e62e799007193cca9c2486c6096195e493
                                                                                                                                                                                                                                                    • Instruction ID: e6c17ed11a6646fd96f8fd7610154f9ce1894db127e4c73d9901ffec7d7276d1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17fc1f9a6157696bf755d150d7f584e62e799007193cca9c2486c6096195e493
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DFF0C222F1E64272E740E725E8062F65290EF883C0F840031E91C43B9BFF2CE541CB64
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309270963.00007FF8B8F71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3309240746.00007FF8B8F70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3309322062.00007FF8B8F73000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3309340812.00007FF8B8F75000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3309359337.00007FF8B8F76000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8f70000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Module_$Err_ExceptionFromModuleObjectSpecTypeType_With
                                                                                                                                                                                                                                                    • String ID: Empty$Exception raised by Queue.get(block=0)/get_nowait().$_queue.Empty
                                                                                                                                                                                                                                                    • API String ID: 1138974572-1946099957
                                                                                                                                                                                                                                                    • Opcode ID: f121cb2eee6e80a942454bf0bf1bd0c36165a64d1fffbf990f1473ac1b9fb972
                                                                                                                                                                                                                                                    • Instruction ID: 881cfaf29c88e732efa69389a25fc312a8e6fed31d0cc4b95e765aa5d322e446
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f121cb2eee6e80a942454bf0bf1bd0c36165a64d1fffbf990f1473ac1b9fb972
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F018039B09F43A2FA048F2DE8505652764AF0ABD6F845134CB1D0AB54EF6CE05AC304
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                     • Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abort$AdjustPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1501936508-0
                                                                                                                                                                                                                                                    • Opcode ID: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                                                                                                                                                                                                                                    • Instruction ID: 79d91eb5ec410e356762861ca95cb8fa365873ef54ee14067ddf8fd7ad1836de
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5051AE21A0ABC282FAA59F1CD4446B867A4AF54FF6F09A435CF8D86795DF7CE442C300
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
• Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abort$AdjustPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1501936508-0
                                                                                                                                                                                                                                                    • Opcode ID: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                                                                                                                                                                                                                                    • Instruction ID: 55eaba6fd821c135a66caabca78a54836f6fc690378a8b0e3eaffa3b62506bd7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A51B021F1ABC281EA65CF1CD4446B86794AF54FE2F09A535DB8D86795DF7CE441C300
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
• Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                                                                                    • String ID: {for
                                                                                                                                                                                                                                                    • API String ID: 2943138195-864106941
                                                                                                                                                                                                                                                    • Opcode ID: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                                                                                                                                                                                                                                    • Instruction ID: 156b843c957b465687e8b06f5f0ccddb842320eefe4356c87573b372f72d8019
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7513D72A08BC5ADEB019F28D4403E83BA1EB45799F849031EB4C4BBA9DF7CE565C300
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
• Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: NameName::atol
                                                                                                                                                                                                                                                    • String ID: `template-parameter$void
                                                                                                                                                                                                                                                    • API String ID: 2130343216-4057429177
                                                                                                                                                                                                                                                    • Opcode ID: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                                                                                                                                                                                                                                    • Instruction ID: f4a716e71083a1100192488dad28b8d2c7258cba9e07f61d3a081c63d48ba4e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56414922F08B9698FB018FA8D8512BC2BB2BB48BE9F541135DF4C26B59DF7CA545C340
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_ec_pt_formats
                                                                                                                                                                                                                                                    • API String ID: 193678381-302162076
                                                                                                                                                                                                                                                    • Opcode ID: a012173c701b202fdd5d8373fddc64a3d9e99b1ed4de02e621ddb34dfb993357
                                                                                                                                                                                                                                                    • Instruction ID: ff7ec91555fa62cbd107ee730fd72790014a2c69b819766cb177dce4b63d9be4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a012173c701b202fdd5d8373fddc64a3d9e99b1ed4de02e621ddb34dfb993357
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E31C561B0D34261F721A712E5052FA67A0EF84BC4F444031EE8C47B9EDF6CE945C764
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
• Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                                                                                    • String ID: char $int $long $short $unsigned
                                                                                                                                                                                                                                                    • API String ID: 2943138195-3894466517
                                                                                                                                                                                                                                                    • Opcode ID: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                                                                                                                                                                                                                                    • Instruction ID: f0988c0b8c84a20f3a87a0d60703ba617d91d6ca91de8b8a05b70602fb0fe491
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83313A72E18B9188EB128F6CD8941BC3BB1FB097AAF449135DB5D46B68DE3CE504C710
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Digest$Update$Final_exInitX_freeX_new
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3927069315-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_lib.c$ssl3_output_cert_chain
                                                                                                                                                                                                                                                    • API String ID: 193678381-603691555
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$ssl_peek_internal
                                                                                                                                                                                                                                                    • API String ID: 1552677711-1363730714
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions.c$final_renegotiate
                                                                                                                                                                                                                                                    • API String ID: 193678381-1135624566
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_errorY_free
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_PrivateKey_ASN1
                                                                                                                                                                                                                                                    • API String ID: 3531505993-1502814970
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3309270963.00007FF8B8F71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F70000, based on PE: true
• Associated: 00000002.00000002.3309240746.00007FF8B8F70000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.3309322062.00007FF8B8F73000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.3309340812.00007FF8B8F75000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.3309359337.00007FF8B8F76000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8f70000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Dealloc$Err_List_StringThread_allocate_lock
                                                                                                                                                                                                                                                    • String ID: can't allocate lock
                                                                                                                                                                                                                                                    • API String ID: 214698565-1504453919
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
• Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_errorY_get0_group
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\tls_depr.c$ssl_set_tmp_ecdh_groups
                                                                                                                                                                                                                                                    • API String ID: 2690379533-3926364423
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
• Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+$NameName::
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 168861036-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
• Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3741236498-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
• Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 2889003569-2084237596
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
• Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                                                                                    • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                                                                                                                                                    • API String ID: 2943138195-757766384
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 2889003569-2084237596
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileHeader
                                                                                                                                                                                                                                                    • String ID: MOC$RCC$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 104395404-1441736206
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_ctrlR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$SSL_write_early_data
                                                                                                                                                                                                                                                    • API String ID: 3777157029-3084438645
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\s3_msg.c$ssl3_do_change_cipher_spec
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2597545827
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugmemset
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_next_proto
                                                                                                                                                                                                                                                    • API String ID: 2489314161-3748680027
                                                                                                                                                                                                                                                    • Opcode ID: a63ed33d5ae16ae017d3757c2c6a9199de8a0d40b97f66390abf19fc98b05f30
                                                                                                                                                                                                                                                    • Instruction ID: 18ccd16db82bee6c71963e211d96add0bbcd43e90178be27c196e3f048ca6b70
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a63ed33d5ae16ae017d3757c2c6a9199de8a0d40b97f66390abf19fc98b05f30
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD11D322B2968151E740DB52F4457FA6210FB88BC4F440031EE4D8BB8EDF2CD541C764
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$RSA$ssl_log_rsa_client_key_exchange
                                                                                                                                                                                                                                                    • API String ID: 193678381-1475867426
                                                                                                                                                                                                                                                    • Opcode ID: f63da21c475a7f83d47ad1fdf2e90d13d45e81726cadcc5edb9713703b8c50f9
                                                                                                                                                                                                                                                    • Instruction ID: 090ec467785a4858dcfdc780a3d7e55ff26021f65d8d3d5a68c227ef327c6b31
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f63da21c475a7f83d47ad1fdf2e90d13d45e81726cadcc5edb9713703b8c50f9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48F0F665F2A646A2E700E761FC056F56254EF943C0F840030DD8C4779AEF2CE290C778
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$SSL_peek
                                                                                                                                                                                                                                                    • API String ID: 1552677711-1473178562
                                                                                                                                                                                                                                                    • Opcode ID: b7337fe6ce6d8c032f6f18129c067dc5f31905d5b9b69bec1520e975fd3ce44c
                                                                                                                                                                                                                                                    • Instruction ID: bb30f12ce825e6dcf59c36d072b261d01fcefe9e18d6fe91819543a253d765d4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7337fe6ce6d8c032f6f18129c067dc5f31905d5b9b69bec1520e975fd3ce44c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6F05E65E1B15666E751E325D842AF92210EF95780FE00131E62C429E7EF2CE545CA64
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$ssl_check_srvr_ecc_cert_and_alg
                                                                                                                                                                                                                                                    • API String ID: 1552677711-1191861246
                                                                                                                                                                                                                                                    • Opcode ID: c41aa21bc8e69c49e68a36b23f3fdc6b30ceacc36a38453507638091020d385f
                                                                                                                                                                                                                                                    • Instruction ID: f719e14f5c274d6b3d04dde488677437708a9be47f077e89f78700781c811219
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c41aa21bc8e69c49e68a36b23f3fdc6b30ceacc36a38453507638091020d385f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1F01559E1A19262F795A729C8463F81290EF843C4FD05170E51D42AD6EF2CA68ACB39
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                                    • Opcode ID: f10b79996c2a92eca45b8211c9476f5ccabb41adeda706c1bd57ea5441c51930
                                                                                                                                                                                                                                                    • Instruction ID: 0091a31f0d9c3d3e4c707103096ee3fb7000c559a8dbdce6afaf1d5bbae9f8e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f10b79996c2a92eca45b8211c9476f5ccabb41adeda706c1bd57ea5441c51930
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FE0EC19F2A14276F340F77098575F91210EF91390FD04031E00D42A9AEF2CA589C774
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                                    • Opcode ID: a890c7a6ce92884863d797033b923ca2f477f9b754829e71e2c510313747f760
                                                                                                                                                                                                                                                    • Instruction ID: 0091a31f0d9c3d3e4c707103096ee3fb7000c559a8dbdce6afaf1d5bbae9f8e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a890c7a6ce92884863d797033b923ca2f477f9b754829e71e2c510313747f760
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FE0EC19F2A14276F340F77098575F91210EF91390FD04031E00D42A9AEF2CA589C774
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                                    • Opcode ID: 56e15a37842fe0dd599d6c964779cc2f16a4635d9b4f78df93a97c8c002367dd
                                                                                                                                                                                                                                                    • Instruction ID: 0091a31f0d9c3d3e4c707103096ee3fb7000c559a8dbdce6afaf1d5bbae9f8e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56e15a37842fe0dd599d6c964779cc2f16a4635d9b4f78df93a97c8c002367dd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FE0EC19F2A14276F340F77098575F91210EF91390FD04031E00D42A9AEF2CA589C774
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                                    • Opcode ID: 65a5335adb7ccc48d9f4ade7c086427e4461d71b89b18bf355e8d4f3e0295113
                                                                                                                                                                                                                                                    • Instruction ID: 0091a31f0d9c3d3e4c707103096ee3fb7000c559a8dbdce6afaf1d5bbae9f8e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65a5335adb7ccc48d9f4ade7c086427e4461d71b89b18bf355e8d4f3e0295113
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FE0EC19F2A14276F340F77098575F91210EF91390FD04031E00D42A9AEF2CA589C774
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                                    • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                                    • Opcode ID: e5d4594d72a90c4b0a88b7a81742d8e3e940df2a3f5ae6a7e67ec0bc632beab9
                                                                                                                                                                                                                                                    • Instruction ID: 0091a31f0d9c3d3e4c707103096ee3fb7000c559a8dbdce6afaf1d5bbae9f8e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e5d4594d72a90c4b0a88b7a81742d8e3e940df2a3f5ae6a7e67ec0bc632beab9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FE0EC19F2A14276F340F77098575F91210EF91390FD04031E00D42A9AEF2CA589C774
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: NameName::$Name::operator+
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309270963.00007FF8B8F71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8f70000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object_$ClearDeallocRefsThread_free_lockThread_release_lockTrackWeak
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B9F66E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B9F629EE), ref: 00007FF8B9F66E56
                                                                                                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9F6488B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abort
                                                                                                                                                                                                                                                    • String ID: $csm$csm
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B9F66E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B9F629EE), ref: 00007FF8B9F66E56
                                                                                                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9F645DB
                                                                                                                                                                                                                                                    • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF8B9F645EB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\s3_enc.c$ssl3_change_cipher_state
                                                                                                                                                                                                                                                    • API String ID: 193678381-4073342769
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: NameName::
                                                                                                                                                                                                                                                    • String ID: %lf
                                                                                                                                                                                                                                                    • API String ID: 1333004437-2891890143
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_use_srtp
                                                                                                                                                                                                                                                    • API String ID: 0-3251434361
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_psk_kex_modes
                                                                                                                                                                                                                                                    • API String ID: 193678381-1556962829
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_next_proto_neg
                                                                                                                                                                                                                                                    • API String ID: 193678381-2301358877
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions.c$final_early_data
                                                                                                                                                                                                                                                    • API String ID: 193678381-1817123252
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_server_name
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_indentO_printf
                                                                                                                                                                                                                                                    • String ID: %s=0x%x (%s)$UNKNOWN
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_srvr.c$tls_handle_status_request
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309270963.00007FF8B8F71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8f70000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_$KeywordsModulePositionalType_
                                                                                                                                                                                                                                                    • String ID: SimpleQueue
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_dtls.c$dtls_construct_change_cipher_spec
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions.c$final_sig_algs
                                                                                                                                                                                                                                                    • API String ID: 193678381-3611835258
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_printf
                                                                                                                                                                                                                                                    • String ID: %02X$%s (len=%d):
                                                                                                                                                                                                                                                    • API String ID: 601296420-4138326432
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client_process_message
                                                                                                                                                                                                                                                    • API String ID: 193678381-2227591447
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_printf$O_indent
                                                                                                                                                                                                                                                    • String ID: %s (%d)$unexpected value
                                                                                                                                                                                                                                                    • API String ID: 1715996925-1289549259
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B9F66E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B9F629EE), ref: 00007FF8B9F66E56
                                                                                                                                                                                                                                                    • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9F62A8E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abortterminate
                                                                                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                                    • API String ID: 661698970-2671469338
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                    • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_post_handshake_auth
                                                                                                                                                                                                                                                    • API String ID: 193678381-3813554763
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2943138195-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3863519203-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: B_exCalc_D_priv_bytes_exL_cleanseN_bin2bn
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1900010111-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Calc_D_priv_bytes_exL_cleanseN_bin2bn
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2662037904-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304059965.00007FF8A81B0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304115522.00007FF8A8232000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304177731.00007FF8A8234000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304201675.00007FF8A825C000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8261000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A8267000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3304217252.00007FF8A826F000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_find_typeO_get_data
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309270963.00007FF8B8F71000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3309240746.00007FF8B8F70000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3309322062.00007FF8B8F73000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3309340812.00007FF8B8F75000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3309359337.00007FF8B8F76000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b8f70000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentImageNonwritableUnwind
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abort$CreateFrameInfo
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3309964378.00007FF8B9F60000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310040659.00007FF8B9F73000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310062824.00007FF8B9F78000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.3310137435.00007FF8B9F79000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                                                                                    • String ID: void$void
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_dump_indentO_indentO_printf
                                                                                                                                                                                                                                                    • String ID: %s (0x%04x)
                                                                                                                                                                                                                                                    • API String ID: 2723189173-3351362759
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_dump_indentO_indentO_printf
                                                                                                                                                                                                                                                    • String ID: %s (%d)
                                                                                                                                                                                                                                                    • API String ID: 2723189173-2206749211
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8a81b0000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_dump_indentO_indentO_printf
                                                                                                                                                                                                                                                    • String ID: %s (%d)
                                                                                                                                                                                                                                                    • API String ID: 2723189173-2206749211
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileHeader$ExceptionRaise
                                                                                                                                                                                                                                                    • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                                                                                                                                                                                                    • API String ID: 3685223789-3176238549
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff8b9f60000_0jNz7djbpp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_snprintf
                                                                                                                                                                                                                                                    • String ID: 3DES(168)$SHA256
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_snprintf
                                                                                                                                                                                                                                                    • String ID: DES(56)$SHA256
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_snprintf
                                                                                                                                                                                                                                                    • String ID: IDEA(128)$SHA256
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_snprintf
                                                                                                                                                                                                                                                    • String ID: RC4(128)$SHA256
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_snprintf
                                                                                                                                                                                                                                                    • String ID: RC2(128)$SHA256
                                                                                                                                                                                                                                                    • API String ID: 3142812517-4086923701
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Time$System$File
                                                                                                                                                                                                                                                    • String ID: gfff
                                                                                                                                                                                                                                                    • API String ID: 2838179519-1553575800
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3304115522.00007FF8A81B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF8A81B0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                                    • String ID: )
                                                                                                                                                                                                                                                    • API String ID: 3946675294-2427484129
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF8B9F66E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B9F629EE), ref: 00007FF8B9F66E56
                                                                                                                                                                                                                                                    • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9F6F45A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: abortterminate
                                                                                                                                                                                                                                                    • String ID: csm$f
                                                                                                                                                                                                                                                    • API String ID: 661698970-629598281
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF8B9F66CE9,?,?,?,?,00007FF8B9F70582,?,?,?,?,?), ref: 00007FF8B9F66E83
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF8B9F66CE9,?,?,?,?,00007FF8B9F70582,?,?,?,?,?), ref: 00007FF8B9F66F0C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.3309985515.00007FF8B9F61000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8B9F60000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1452528299-0