Windows Analysis Report
shost.exe

Overview

General Information

Sample name: shost.exe
Analysis ID: 1574328
MD5: e6c0aa5771a46907706063ae1d8b4fb9
SHA1: 966ce51dfb51cf7e9db0c86eb35b964195c21bf2
SHA256: b76d1577baac7071b5243e8639007e2cdd406258d6da07386fb0d638988d382f
Tags: exegithub-com--hombozuser-JAMESWT_MHT
Infos:

Detection

Python Stealer, Muck Stealer
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected Muck Stealer
Found pyInstaller with non standard icon
Yara detected Generic Python Stealer
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • shost.exe (PID: 4576 cmdline: "C:\Users\user\Desktop\shost.exe" MD5: E6C0AA5771A46907706063AE1D8B4FB9)
    • shost.exe (PID: 1880 cmdline: "C:\Users\user\Desktop\shost.exe" MD5: E6C0AA5771A46907706063AE1D8B4FB9)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_MuckStealer | Yara detected Muck Stealer | Joe Security |
Process Memory Space: shost.exe PID: 1880 | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
Process Memory Space: shost.exe PID: 1880 | JoeSecurity_MuckStealer | Yara detected Muck Stealer | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

        AV Detection

        Source: https://discord.gift/ Avira URL Cloud: Label: malware
        Source: shost.exe ReversingLabs: Detection: 55%
        Source: C:\Users\user\Desktop\shost.exe File created: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
        Source: shost.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: C:\Users\user\Desktop\shost.exe Code function: 0_2_00007FF7868892F0 FindFirstFileExW,FindClose,0_2_00007FF7868892F0
        Source: C:\Users\user\Desktop\shost.exe Code function: 0_2_00007FF7868A18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7868A18E4
        Source: C:\Users\user\Desktop\shost.exe Code function: 0_2_00007FF7868883B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7868883B0
        Source: C:\Users\user\Desktop\shost.exe Code function: 2_2_00007FF7868892F0 FindFirstFileExW,FindClose,2_2_00007FF7868892F0
        Source: C:\Users\user\Desktop\shost.exe Code function: 2_2_00007FF7868A18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7868A18E4
        Source: C:\Users\user\Desktop\shost.exe Code function: 2_2_00007FF7868883B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7868883B0
        Source: Joe Sandbox View IP Address: 162.159.136.232
        Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic DNS traffic detected: DNS query: discord.com
shost.exe, 00000000.00000003.2163525494.000002162E2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: libcrypto-3.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: shost.exe, 00000000.00000003.2163947986.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163360306.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149376456.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2166483174.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148153901.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2164725093.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150843940.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163793545.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2FE000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150128357.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149510097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150452756.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148885023.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2168055089.000002162E2F4000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F8000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149033292.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151576333.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151891097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149849739.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, 
shost.exe, 00000000.00000003.2149757276.000002162E2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3393800182.00000271C44DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
        Source: shost.exe, 00000002.00000002.3395394965.00000271C54A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3393800182.00000271C4432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
        Source: shost.exe, 00000002.00000002.3393800182.00000271C44DD000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3395394965.00000271C54A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3395139567.00000271C51A0000.00000004.00001000.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394675597.00000271C4C1F000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3393800182.00000271C43A0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394201838.00000271C48A0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3395260651.00000271C5350000.00000004.00001000.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3395139567.00000271C5288000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
        Source: shost.exe, 00000002.00000002.3395139567.00000271C51A0000.00000004.00001000.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394675597.00000271C4C16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
        Source: shost.exe, 00000002.00000002.3394774822.00000271C4CA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
        Source: shost.exe, 00000002.00000002.3394774822.00000271C4CA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tar.gz
        Source: shost.exe, 00000002.00000002.3394774822.00000271C4CA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tgz
        Source: shost.exe, 00000002.00000002.3393800182.00000271C44DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
        Source: shost.exe, 00000002.00000002.3393800182.00000271C43A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
        Source: shost.exe, 00000002.00000002.3393800182.00000271C44DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://i.instagram.com/api/v1/users/web_profile_info/?username=
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
        Source: shost.exe, 00000002.00000002.3394675597.00000271C4C8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
        Source: shost.exe, 00000000.00000003.2163947986.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163360306.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149376456.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2166483174.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148153901.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2164725093.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150843940.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163793545.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2FE000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150128357.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149510097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150452756.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148885023.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2168055089.000002162E2F4000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F8000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149033292.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151576333.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151891097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149849739.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, 
shost.exe, 00000000.00000003.2149757276.000002162E2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: shost.exe, 00000000.00000003.2163947986.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163360306.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149376456.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2166483174.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148153901.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2164725093.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150843940.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163793545.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150128357.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149510097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150452756.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148885023.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2168055089.000002162E2F4000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F8000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149033292.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151576333.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151891097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149849739.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149757276.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, 
shost.exe, 00000000.00000003.2163525494.000002162E2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
        Source: shost.exe, 00000000.00000003.2163947986.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163360306.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149376456.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2166483174.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148153901.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2164725093.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150843940.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163793545.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2FE000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150128357.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149510097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150452756.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148885023.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2168055089.000002162E2F4000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F8000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149033292.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151576333.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151891097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149849739.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, 
shost.exe, 00000000.00000003.2149757276.000002162E2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
        Source: shost.exe, 00000000.00000003.2163947986.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163360306.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149376456.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2166483174.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148153901.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2164725093.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150843940.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163793545.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150128357.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149510097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150452756.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148885023.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2168055089.000002162E2F4000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F8000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149033292.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151576333.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151891097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149849739.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149757276.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, 
shost.exe, 00000000.00000003.2163525494.000002162E2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
        Source: shost.exe, 00000002.00000002.3394120888.00000271C47A0000.00000004.00001000.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394039523.00000271C46A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
        Source: shost.exe, 00000002.00000002.3394201838.00000271C4A15000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394201838.00000271C4B84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394201838.00000271C4B2D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
        Source: shost.exe, 00000002.00000002.3395260651.00000271C5350000.00000004.00001000.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3395260651.00000271C5314000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
        Source: shost.exe, 00000002.00000002.3393638342.00000271C41C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
        Source: shost.exe, 00000002.00000002.3395139567.00000271C51A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
        Source: shost.exe, 00000002.00000002.3395394965.00000271C54A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394675597.00000271C4C8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
        Source: shost.exe, 00000002.00000002.3394675597.00000271C4C8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
        Source: shost.exe, 00000002.00000002.3394675597.00000271C4C8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
        Source: shost.exe, 00000002.00000002.3394675597.00000271C4C8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm;;
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394675597.00000271C4C8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
        Source: shost.exe, 00000000.00000003.2166624742.000002162E2F3000.00000004.00000020.00020000.00000000.sdmp, LICENSE0.0.drString found in binary or memory: http://www.apache.org/licenses/
        Source: shost.exe, 00000000.00000003.2166624742.000002162E300000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2166972393.000002162E301000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2166624742.000002162E2F3000.00000004.00000020.00020000.00000000.sdmp, LICENSE0.0.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: shost.exe, 00000002.00000002.3394120888.00000271C47A0000.00000004.00001000.00020000.00000000.sdmp, shost.exe, 00000002.00000003.2183564802.00000271C48C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/7
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/MJ
        Source: shost.exe, 00000002.00000002.3395394965.00000271C54A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
        Source: shost.exe, 00000000.00000003.2163947986.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163360306.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149376456.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2166483174.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148153901.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2164725093.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150843940.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2163793545.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2FE000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150128357.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149510097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2150452756.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2148885023.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2168055089.000002162E2F4000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2162142722.000002162E2F8000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149033292.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151576333.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2151891097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149849739.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, 
shost.exe, 00000000.00000003.2149757276.000002162E2F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394201838.00000271C4A9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
        Source: shost.exe, 00000002.00000003.2189919470.00000271C4A43000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394201838.00000271C4A15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
        Source: shost.exe, 00000002.00000002.3394201838.00000271C4A15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
        Source: shost.exe, 00000002.00000002.3394201838.00000271C4A15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
        Source: shost.exe, 00000002.00000002.3395394965.00000271C54A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
        Source: shost.exe, 00000002.00000002.3395394965.00000271C54A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
        Source: shost.exe, 00000002.00000002.3394201838.00000271C4BE3000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394675597.00000271C4C16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://aliexpress.com)
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://amazon.com)
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io/getServer
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api19-va.tiktokv.com/aweme/v1/user/profile/self/?
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api19-va.tiktokv.com/aweme/v1/user/profile/self/?Sy
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://binance.com)
        Source: shost.exe, 00000000.00000003.2166700400.000002162E2F3000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://blog.jaraco.com/skeleton
        Source: shost.exe, 00000002.00000002.3394923814.00000271C4EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/1086668425797058691/1113770559688413245/app.asar
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/1135684724585681039/1143224080603037827/app.asar
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/avatars/
        Source: _cffi_backend.cp312-win_amd64.pyd.0.drString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://coinbase.com)
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crunchyroll.com)
        Source: shost.exe, 00000000.00000003.2153540570.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
        Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
        Source: shost.exe, 00000000.00000003.2153540570.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
        Source: _rust.pyd.0.drString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
        Source: shost.exe, 00000000.00000003.2153540570.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
        Source: shost.exe, 00000000.00000003.2153540570.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
        Source: shost.exe, 00000002.00000002.3398077900.00007FFD94774000.00000008.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/
        Source: shost.exe, 00000002.00000002.3397673335.00007FFD94604000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/)
        Source: shost.exe, 00000002.00000002.3394201838.00000271C4926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
        Source: shost.exe, 00000002.00000002.3394201838.00000271C48A0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3393800182.00000271C44DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
        Source: shost.exe, 00000002.00000002.3395394965.00000271C53D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/M
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xbox.com)
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com)
        Source: shost.exe, 00000002.00000002.3394201838.00000271C48A0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3394201838.00000271C4B84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://youtube.com)
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
        Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
        Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: python3.dll.0.dr Static PE information: No import functions for PE file found
        Source: classification engineClassification label: mal72.troj.winEXE@3/92@1/1
        Source: C:\Users\user\Desktop\shost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI45762Jump to behavior
        Source: shost.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\shost.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT action_url, username_value, password_value FROM logins;
        Source: shost.exe, 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: shost.exe, 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
        Source: shost.exe, 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
        Source: shost.exe, 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
        Source: shost.exe, shost.exe, 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
        Source: shost.exe, 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
        Source: shost.exe, 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
        Source: shost.exe ReversingLabs: Detection: 55%
        Source: C:\Users\user\Desktop\shost.exe File read: C:\Users\user\Desktop\shost.exe
        Source: unknown Process created: C:\Users\user\Desktop\shost.exe "C:\Users\user\Desktop\shost.exe"
        Source: C:\Users\user\Desktop\shost.exe Process created: C:\Users\user\Desktop\shost.exe "C:\Users\user\Desktop\shost.exe"
        Source: C:\Users\user\Desktop\shost.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: vcruntime140.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: libffi-8.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: libcrypto-3.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: libssl-3.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: sqlite3.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\shost.exe Section loaded: wintypes.dll
        Source: shost.exe Static PE information: Image base 0x140000000 > 0x60000000
        Source: shost.exe Static file information: File size 16895360 > 1048576
        Source: shost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: shost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: shost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: shost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: shost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: shost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: shost.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: shost.exe, 00000002.00000002.3397673335.00007FFD94604000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: shost.exe, 00000000.00000003.2168055089.000002162E2F4000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3396302938.00007FFD93CEF000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: libcrypto-3.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: shost.exe, 00000002.00000002.3397048410.00007FFD940A2000.00000002.00000001.01000000.0000000C.sdmp, libcrypto-3.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: shost.exe, 00000000.00000003.2149849739.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: shost.exe, 00000000.00000003.2147965546.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3402353295.00007FFDA4341000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: shost.exe, 00000000.00000003.2147965546.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3402353295.00007FFDA4341000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: shost.exe, 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
        Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: shost.exe, 00000000.00000003.2149757276.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: _rust.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: shost.exe, 00000000.00000003.2166483174.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3402885336.00007FFDA5493000.00000002.00000001.01000000.0000000E.sdmp, select.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: shost.exe, 00000002.00000002.3402174547.00007FFDA4171000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: shost.exe, 00000000.00000003.2149376456.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3400953425.00007FFDA3AE7000.00000002.00000001.01000000.0000000B.sdmp, _hashlib.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
        Source: Binary string: D:\a\1\b\libssl-3.pdbEE source: shost.exe, 00000002.00000002.3400423691.00007FFDA3635000.00000002.00000001.01000000.00000013.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: shost.exe, 00000000.00000003.2149510097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3401137046.00007FFDA3C0C000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: shost.exe, 00000000.00000003.2151576333.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3401665795.00007FFDA3FD2000.00000002.00000001.01000000.00000014.sdmp, _uuid.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: shost.exe, 00000000.00000003.2148153901.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: shost.exe, 00000002.00000002.3400767220.00007FFDA36D2000.00000002.00000001.01000000.00000010.sdmp, pyexpat.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: shost.exe, 00000000.00000003.2150128357.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3402493283.00007FFDA4633000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: shost.exe, 00000000.00000003.2149510097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3401137046.00007FFDA3C0C000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: shost.exe, 00000000.00000003.2148472034.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3401258641.00007FFDA3C2D000.00000002.00000001.01000000.00000009.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: shost.exe, 00000000.00000003.2151891097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3402694088.00007FFDA4DA4000.00000002.00000001.01000000.0000000F.sdmp, _wmi.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: shost.exe, 00000000.00000003.2150452756.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3400864209.00007FFDA3A89000.00000002.00000001.01000000.0000000D.sdmp, _socket.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: shost.exe, 00000000.00000003.2151891097.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3402694088.00007FFDA4DA4000.00000002.00000001.01000000.0000000F.sdmp, _wmi.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: shost.exe, 00000002.00000002.3400178310.00007FFDA356F000.00000002.00000001.01000000.00000018.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: shost.exe, 00000000.00000003.2163947986.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000002.3393377971.00000271C3D80000.00000002.00000001.01000000.00000006.sdmp
        Source: Binary string: D:\a\1\b\libssl-3.pdb source: shost.exe, 00000002.00000002.3400423691.00007FFDA3635000.00000002.00000001.01000000.00000013.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: shost.exe, 00000002.00000002.3400583397.00007FFDA368D000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
        Source: shost.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: shost.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: shost.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: shost.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: shost.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
        Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
        Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
        Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
        Source: python312.dll.0.dr Static PE information: section name: PyRuntim

        Persistence and Installation Behavior

        Source: C:\Users\user\Desktop\shost.exe Process created: "C:\Users\user\Desktop\shost.exe"
        Source: C:\Users\user\Desktop\shost.exe File created: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
        Source: C:\Users\user\Desktop\shost.exe Code function: 0_2_00007FF786885820 GetProcAddress,GetLastError,[pair repeated],0_2_00007FF786885820
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\PublicKey\_curve448.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Protocol\_scrypt.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Hash\_SHA224.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\_ctypes.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Hash\_poly1305.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_raw_ecb.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\PublicKey\_ed25519.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\PublicKey\_ed448.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_raw_cast.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_raw_ctr.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Util\_strxor.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_raw_cfb.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\_asyncio.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\PublicKey\_ec_ws.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Math\_modexp.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_raw_cbc.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\_hashlib.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Hash\_SHA256.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Hash\_SHA1.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_raw_des3.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\_queue.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_Salsa20.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Hash\_SHA512.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\_lzma.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\_bz2.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_chacha20.pydJump to dropped file
        Source: C:\Users\user\Desktop\shost.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-18160
        Source: C:\Users\user\Desktop\shost.exeAPI coverage: 1.5 %
        Source: C:\Users\user\Desktop\shost.exeCode function: 0_2_00007FF7868892F0 FindFirstFileExW,FindClose,0_2_00007FF7868892F0
        Source: C:\Users\user\Desktop\shost.exeCode function: 0_2_00007FF7868A18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7868A18E4
        Source: C:\Users\user\Desktop\shost.exeCode function: 0_2_00007FF7868883B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7868883B0
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FF7868892F0 FindFirstFileExW,FindClose,2_2_00007FF7868892F0
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FF7868A18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7868A18E4
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FF7868883B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7868883B0
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD93A80180 GetSystemInfo,2_2_00007FFD93A80180
        Source: shost.exe, 00000000.00000003.2152514142.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
        Source: shost.exe, 00000002.00000002.3393638342.00000271C41C3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
        Source: C:\Users\user\Desktop\shost.exeCode function: 0_2_00007FF78689A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF78689A684
        Source: C:\Users\user\Desktop\shost.exeCode function: 0_2_00007FF7868A34F0 GetProcessHeap,0_2_00007FF7868A34F0
        Source: C:\Users\user\Desktop\shost.exeCode function: 0_2_00007FF78688C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF78688C910
        Source: C:\Users\user\Desktop\shost.exeCode function: 0_2_00007FF78688D37C SetUnhandledExceptionFilter,0_2_00007FF78688D37C
        Source: C:\Users\user\Desktop\shost.exeCode function: 0_2_00007FF78688D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF78688D19C
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FF78688C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF78688C910
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FF78689A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF78689A684
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FF78688D37C SetUnhandledExceptionFilter,2_2_00007FF78688D37C
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FF78688D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF78688D19C
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD93B9CAF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD93B9CAF0
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD93BE2AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD93BE2AA0
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD93BE3068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD93BE3068
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9DF41960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD9DF41960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9DF41390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9DF41390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9E841960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD9E841960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9E841390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9E841390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9E851960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD9E851960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9E851390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9E851390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9F3B1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD9F3B1960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9F3B1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9F3B1390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9F3C1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD9F3C1960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9F3C1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9F3C1390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9F3D1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD9F3D1960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9F3D1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9F3D1390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9F3E1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD9F3E1960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9F3E1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9F3E1390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9F7F1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD9F7F1960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFD9F7F1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9F7F1390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA0861960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA0861960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA0861390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA0861390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA0871960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA0871960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA0871390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA0871390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA2E91390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA2E91390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA2E91960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA2E91960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA2EA1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA2EA1390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA2EA1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA2EA1960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA32F1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA32F1390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA32F1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA32F1960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA3521390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA3521390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA3521960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA3521960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA3531390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA3531390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA3531960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA3531960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA3541390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA3541390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA3541960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA3541960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA3551390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA3551390
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA3551960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA3551960
        Source: C:\Users\user\Desktop\shost.exeCode function: 2_2_00007FFDA356BEB0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA356BEB0
        Source: C:\Users\user\Desktop\shost.exeProcess created: C:\Users\user\Desktop\shost.exe "C:\Users\user\Desktop\shost.exe"Jump to behavior
        Source: C:\Users\user\Desktop\shost.exeCode function: 0_2_00007FF7868A95E0 cpuid 0_2_00007FF7868A95E0
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Hash VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\PublicKey VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Util VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\certifi VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\cryptography-44.0.0.dist-info\licenses VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation
        Source: C:\Users\user\Desktop\shost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\base_library.zip VolumeInformation
        Source: C:\Users\user\Desktop\shost.exe Queries volume information: C:\Users\user\Desktop\shost.exe VolumeInformation
        Source: C:\Users\user\Desktop\shost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformation
        Source: C:\Users\user\Desktop\shost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\_bz2.pyd VolumeInformation
        Source: C:\Users\user\Desktop\shost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\_lzma.pyd VolumeInformation
        Source: C:\Users\user\Desktop\shost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\pyexpat.pyd VolumeInformation
        Source: C:\Users\user\Desktop\shost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor\jaraco VolumeInformation
        Source: C:\Users\user\Desktop\shost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\_queue.pyd VolumeInformation
        Source: C:\Users\user\Desktop\shost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\charset_normalizer VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\charset_normalizer VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\charset_normalizer\md.cp312-win_amd64.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\charset_normalizer VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\charset_normalizer\md__mypyc.cp312-win_amd64.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\unicodedata.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\certifi VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\_sqlite3.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exeQueries volume information: C:\Users\user\Desktop\shost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\shost.exe Code function: 0_2_00007FF78688D080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF78688D080
        Source: C:\Users\user\Desktop\shost.exe Code function: 0_2_00007FF7868A5C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7868A5C70

        Stealing of Sensitive Information

        Source: Yara match File source: 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: shost.exe PID: 1880, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match File source: 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: shost.exe PID: 1880, type: MEMORYSTR
        Source: C:\Users\user\Desktop\shost.exe Code function: 2_2_00007FFDA3566B84 PyFloat_Type,PyUnicode_AsUTF8AndSize,sqlite3_bind_text,PyObject_CheckBuffer,PyErr_Format,sqlite3_bind_null,PyObject_GetBuffer,PyExc_OverflowError,PyErr_SetString,PyBuffer_Release,sqlite3_bind_blob,PyBuffer_Release,PyExc_OverflowError,PyErr_SetString,PyFloat_AsDouble,PyErr_Occurred,sqlite3_bind_double,PyErr_Occurred,sqlite3_bind_int64,2_2_00007FFDA3566B84
        Source: C:\Users\user\Desktop\shost.exe Code function: 2_2_00007FFDA3564ED0 PyEval_SaveThread,sqlite3_bind_parameter_count,PyEval_RestoreThread,PyTuple_Type,sqlite3_bind_parameter_name,PyLong_Type,PyFloat_Type,PyUnicode_Type,PyLong_AsLongLongAndOverflow,sqlite3_bind_int64,_Py_Dealloc,PyUnicode_AsUTF8AndSize,sqlite3_bind_text,PyTuple_Pack,PyDict_GetItemWithError,_Py_Dealloc,PyErr_Occurred,_PyObject_LookupAttr,_PyObject_LookupAttr,PyLong_Type,PyFloat_Type,PyUnicode_Type,PyType_IsSubtype,PyObject_CheckBuffer,PyObject_GetBuffer,sqlite3_bind_blob,PyBuffer_Release,sqlite3_bind_null,PyFloat_AsDouble,sqlite3_bind_double,PyEval_SaveThread,sqlite3_bind_parameter_name,PyEval_RestoreThread,PyUnicode_FromString,PyDict_Type,PyDict_GetItemWithError,_Py_Dealloc,PyErr_GetRaisedException,sqlite3_db_handle,_PyErr_ChainExceptions1,PyExc_DeprecationWarning,PyErr_WarnFormat,PyList_GetItem,PyObject_CallOneArg,PyErr_Occurred,PyExc_OverflowError,PyErr_SetString,PyErr_Occurred,PyErr_Format,PyObject_CallOneArg,_Py_Dealloc,PyExc_TypeError,PyErr_ExceptionMatches,PyErr_Clear,PySequence_Check,PyTuple_Type,PyErr_GetRaisedException,sqlite3_db_handle,_PyErr_ChainExceptions1,PySequence_Size,PyErr_Format,PyObject_GetItem,PyErr_Occurred,PyErr_Format,PyErr_Format,PyErr_SetString,PySequence_GetItem,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,PyExc_LookupError,PyErr_ExceptionMatches,_Py_Dealloc,PyObject_CallOneArg,_Py_Dealloc,_Py_Dealloc,PyExc_TypeError,PyErr_ExceptionMatches,PyErr_Clear,_Py_Dealloc,PyExc_OverflowError,PyErr_SetString,PyBuffer_Release,PyExc_OverflowError,PyErr_SetString,PyErr_Occurred,2_2_00007FFDA3564ED0
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
        Source | Detection | Scanner | Label | Link
        shost.exe | 55% | ReversingLabs | Win64.Trojan.CrealStealer |
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages | 0% | Avira URL Cloud | safe |
        https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr: | 0% | Avira URL Cloud | safe |
        https://nationsglory.fr/profile/ | 0% | Avira URL Cloud | safe |
        https://discord.gift/ | 100% | Avira URL Cloud | malware |
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        discord.com | 162.159.136.232 | true | false | | high
                                                                                                                                                                https://github.com/urllib3/urllib3/issues/2920shost.exe, 00000002.00000002.3395139567.00000271C51A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://gmail.com)shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://crl.securetrust.com/SGCA.crl0shost.exe, 00000002.00000002.3394201838.00000271C4B2D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_datashost.exe, 00000002.00000002.3393638342.00000271C41A0000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000003.2169919471.00000271C41A2000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000003.2169899700.00000271C41AD000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000002.00000003.2170048153.00000271C41A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://outlook.com)shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22shost.exe, 00000000.00000003.2166700400.000002162E2F3000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://github.com)shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://cacerts.digicert.coshost.exe, 00000000.00000003.2168055089.000002162E2F4000.00000004.00000020.00020000.00000000.sdmp, shost.exe, 00000000.00000003.2149033292.000002162E2F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://www.quovadisglobal.com/cps0shost.exe, 00000002.00000002.3394201838.00000271C4A15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://binance.com)shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://cryptography.io/en/latest/changelog/shost.exe, 00000000.00000003.2153540570.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://spotify.com)shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-shost.exe, 00000002.00000002.3395394965.00000271C54A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://github.com/pyca/cryptography/issues/9253_rust.pyd.0.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://mail.python.org/mailman/listinfo/cryptography-devshost.exe, 00000000.00000003.2153540570.000002162E2F2000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.ymlshost.exe, 00000002.00000002.3394923814.00000271C4EA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://crl.securetrust.com/SGCA.crlYshost.exe, 00000002.00000002.3394201838.00000271C4A15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://docs.python.org/library/itertools.html#recipesshost.exe, 00000002.00000002.3394774822.00000271C4CA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://discord.com/api/users/shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://api.gofile.io/getServershost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://steam.com)shost.exe, 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
162.159.136.232 | discord.com | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1574328
Start date and time: 2024-12-13 08:42:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: shost.exe
Detection: MAL
Classification: mal72.troj.winEXE@3/92@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: shost.exe
No simulations
                                                                                                                                                                                                          wV1Mk5PUmi.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                          No context
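Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pyd | lz4wnSavmK.exe | Get hash | malicious | Python Stealer | Browse |
C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pyd | WVuXCNNYG0.exe | Get hash | malicious | Python Stealer | Browse |
C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pyd | dipwo1iToJ.exe | Get hash | malicious | Python Stealer | Browse |
C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pyd | ROh2ijuEpr.exe | Get hash | malicious | Babuk, Conti | Browse |
C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pyd | zed.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pyd | back.ps1 | Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pyd | zed.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pyd | file.exe | Get hash | malicious | Python Stealer, Amadey, LummaC Stealer, Nymaim, Stealc | Browse |
C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pyd | file.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\Local\Temp\_MEI45762\Crypto\Cipher\_ARC4.pyd | file.exe | Get hash | malicious | Amadey, Cryptbot | Browse |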
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                                                                              Entropy (8bit):4.640339306680604
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                                                                                                                              MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                                                                                                                              SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                                                                                                                              SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                                                                                                                              SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                              • Filename: lz4wnSavmK.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: WVuXCNNYG0.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: dipwo1iToJ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: ROh2ijuEpr.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: zed.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: back.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: zed.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                              Entropy (8bit):5.0194545642425075
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                                                                                                              MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                                                                                                              SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                                                                                                              SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                                                                                                              SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                                                                              Entropy (8bit):5.037456384995606
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                                                                                                              MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                                                                                                              SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                                                                                                              SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                                                                                                              SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):14336
                                                                                                                                                                                                                              Entropy (8bit):5.09191874780435
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                                                                                                              MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                                                                                                              SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                                                                                                              SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                                                                                                              SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):36352
                                                                                                                                                                                                                              Entropy (8bit):6.541423493519083
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                                                                                                                              MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                                                                                                                              SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                                                                                                                              SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                                                                                                                              SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                                                                              Entropy (8bit):5.367749645917753
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                                                                                                                              MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                                                                                                                              SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                                                                                                                              SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                                                                                                                              SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                              Entropy (8bit):5.41148259289073
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                                                                                                                              MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                                                                                                                              SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                                                                                                                              SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                                                                                                                              SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20992
                                                                                                                                                                                                                              Entropy (8bit):6.041302713678401
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                                                                                                                              MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                                                                                                                              SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                                                                                                                              SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                                                                                                                              SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):24576
                                                                                                                                                                                                                              Entropy (8bit):6.530656045206549
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                                                                                                                              MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                                                                                                                              SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                                                                                                                              SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                                                                                                                              SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                                              Entropy (8bit):4.7080156150187396
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                                                                                                                              MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                                                                                                                              SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                                                                                                                              SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                                                                                                                              SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12800
                                                                                                                                                                                                                              Entropy (8bit):5.159963979391524
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                                                                                                                              MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                                                                                                                              SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                                                                                                                              SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                                                                                                                              SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                                              Entropy (8bit):5.270418334522813
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                                                                                                              MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                                                                                                              SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                                                                                                              SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                                                                                                              SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):56832
                                                                                                                                                                                                                              Entropy (8bit):4.231032526864278
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                                                                                                              MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                                                                                                              SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                                                                                                              SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                                                                                                              SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):57344
                                                                                                                                                                                                                              Entropy (8bit):4.252429732285762
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                                                                                                              MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                                                                                                              SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                                                                                                              SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                                                                                                              SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                                              Entropy (8bit):4.690163963718492
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                                                                                                              MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                                                                                                              SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                                                                                                              SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                                                                                                              SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22016
                                                                                                                                                                                                                              Entropy (8bit):6.1215844022564285
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                                                                                                              MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                                                                                                              SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                                                                                                              SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                                                                                                              SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):17920
                                                                                                                                                                                                                              Entropy (8bit):5.293810509074883
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                                                                                                              MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                                                                                                              SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                                                                                                              SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                                                                                                              SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11776
                                                                                                                                                                                                                              Entropy (8bit):4.862619033406922
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                                                                                                              MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                                                                                                              SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                                                                                                              SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                                                                                                              SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):14336
                                                                                                                                                                                                                              Entropy (8bit):5.227045547076371
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                                                                                                              MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                                                                                                              SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                                                                                                              SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                                                                                                              SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                              Entropy (8bit):5.176369829782773
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                                                                                                              MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                                                                                                              SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                                                                                                              SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                                                                                                              SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):14336
                                                                                                                                                                                                                              Entropy (8bit):5.047563322651927
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                                                                                                              MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                                                                                                              SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                                                                                                              SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                                                                                                              SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                              Entropy (8bit):5.09893680790018
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                                                                                                                              MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                                                                                                                              SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                                                                                                                              SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                                                                                                                              SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                                                                              Entropy (8bit):5.451865349855574
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                                                                                                                              MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                                                                                                                              SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                                                                                                                              SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                                                                                                                              SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                              Entropy (8bit):5.104245335186531
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                                                                                                                              MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                                                                                                                              SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                                                                                                                              SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                                                                                                                              SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):17920
                                                                                                                                                                                                                              Entropy (8bit):5.671305741258107
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                                                                                                                              MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                                                                                                                              SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                                                                                                                              SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                                                                                                                              SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21504
                                                                                                                                                                                                                              Entropy (8bit):5.878701941774916
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
                                                                                                                                                                                                                              MD5:2F2655A7BBFE08D43013EDDA27E77904
                                                                                                                                                                                                                              SHA1:33D51B6C423E094BE3E34E5621E175329A0C0914
                                                                                                                                                                                                                              SHA-256:C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
                                                                                                                                                                                                                              SHA-512:8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21504
                                                                                                                                                                                                                              Entropy (8bit):5.881781476285865
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
                                                                                                                                                                                                                              MD5:CDE035B8AB3D046B1CE37EEE7EE91FA0
                                                                                                                                                                                                                              SHA1:4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
                                                                                                                                                                                                                              SHA-256:16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
                                                                                                                                                                                                                              SHA-512:C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26624
                                                                                                                                                                                                                              Entropy (8bit):5.837887867708438
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                                                                                                                              MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                                                                                                                              SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                                                                                                                              SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                                                                                                                              SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26624
                                                                                                                                                                                                                              Entropy (8bit):5.895310340516013
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                                                                                                                              MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                                                                                                                              SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                                                                                                                              SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                                                                                                                              SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12800
                                                                                                                                                                                                                              Entropy (8bit):4.967737129255606
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                                                                                                                              MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                                                                                                                              SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                                                                                                                              SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                                                                                                                              SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                                                                              Entropy (8bit):5.007867576025166
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                                                                                                                              MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                                                                                                                              SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                                                                                                                              SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                                                                                                                              SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):15872
                                                                                                                                                                                                                              Entropy (8bit):5.226023387740053
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                                                                                                              MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                                                                                                              SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                                                                                                              SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                                                                                                              SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                                              Entropy (8bit):5.262055670423592
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                                                                                                              MD5:18D2D96980802189B23893820714DA90
                                                                                                                                                                                                                              SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                                                                                                              SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                                                                                                              SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):36352
                                                                                                                                                                                                                              Entropy (8bit):5.913843738203007
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                                                                                                              MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                                                                                                              SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                                                                                                              SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                                                                                                              SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                                              Entropy (8bit):4.735350805948923
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                                                                                                              MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                                                                                                              SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                                                                                                              SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                                                                                                              SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22528
                                                                                                                                                                                                                              Entropy (8bit):5.705606408072877
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                                                                                                              MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                                                                                                              SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                                                                                                              SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                                                                                                              SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):70656
                                                                                                                                                                                                                              Entropy (8bit):6.0189903352673655
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                                                                                                              MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                                                                                                              SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                                                                                                              SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                                                                                                              SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):770560
                                                                                                                                                                                                                              Entropy (8bit):7.613224993327352
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                                              MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                                                                                                              SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                                                                                                              SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                                                                                                              SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):26112
                                                                                                                                                                                                                              Entropy (8bit):5.8551858881598795
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                                                                                                              MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                                                                                                              SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                                                                                                              SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                                                                                                              SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):84992
                                                                                                                                                                                                                              Entropy (8bit):6.064677498000638
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                                                                                                              MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                                                                                                              SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                                                                                                              SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                                                                                                              SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                                              Entropy (8bit):4.675380950473425
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                                                                                                              MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                                                                                                              SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                                                                                                              SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                                                                                                              SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                                              Entropy (8bit):4.625428549874022
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                                                                                                              MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                                                                                                              SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                                                                                                              SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                                                                                                              SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):109392
                                                                                                                                                                                                                              Entropy (8bit):6.641929675972235
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                                                                                                                                                                                                                              MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                                                                                                                                                                                                                              SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                                                                                                                                                                                                                              SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                                                                                                                                                                                                                              SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):71448
                                                                                                                                                                                                                              Entropy (8bit):6.243013214204417
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:nhaPPkvDcBlqCTFFQ/ObfW11swNIGOnL7SyaeCxT:hanCDcnqCJFOObfW11swNIGOnLoeE
                                                                                                                                                                                                                              MD5:2CD68FF636394D3019411611E27D0A3B
                                                                                                                                                                                                                              SHA1:DA369C5D1A32F68639170D8A265A9EA49C2C8EBD
                                                                                                                                                                                                                              SHA-256:0D4FBD46F922E548060EA74C95E99DC5F19B1DF69BE17706806760515C1C64FE
                                                                                                                                                                                                                              SHA-512:37388D137454F52057B2376D95ABCC955FA1EDC3E20B96445FA45D1860544E811DF0C547F221C8671DC1A4D90262BB20F3B9F114252F3C47A8C3829951A2CE51
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):84760
                                                                                                                                                                                                                              Entropy (8bit):6.584507188180646
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:FFzZz757cav+IuK66nlxX8W8LsANVIGCV87SyixL7:DzZzq6n3MhLsMVIGCV8O7
                                                                                                                                                                                                                              MD5:C7CE973F261F698E3DB148CCAD057C96
                                                                                                                                                                                                                              SHA1:59809FD48E8597A73211C5DF64C7292C5D120A10
                                                                                                                                                                                                                              SHA-256:02D772C03704FE243C8DE2672C210A5804D075C1F75E738D6130A173D08DFCDE
                                                                                                                                                                                                                              SHA-512:A924750B1825747A622EEF93331FD764D824C954297E37E8DC93A450C11AA7AB3AD7C3B823B11656B86E64DE3CD5D409FDA15DB472488DFAA4BB50341F0B29D1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):179712
                                                                                                                                                                                                                              Entropy (8bit):6.180800197956408
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:IULjhBCx8qImKrUltSfGzdMcbb9CF8OS7jkSTLkKWlgeml:IgCeqImzSfIMcNCvOkSTLLWWem
                                                                                                                                                                                                                              MD5:FCB71CE882F99EC085D5875E1228BDC1
                                                                                                                                                                                                                              SHA1:763D9AFA909C15FEA8E016D321F32856EC722094
                                                                                                                                                                                                                              SHA-256:86F136553BA301C70E7BADA8416B77EB4A07F76CCB02F7D73C2999A38FA5FA5B
                                                                                                                                                                                                                              SHA-512:4A0E98AB450453FD930EDC04F0F30976ABB9214B693DB4B6742D784247FB062C57FAFAFB51EB04B7B4230039AB3B07D2FFD3454D6E261811F34749F2E35F04D6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):124696
                                                                                                                                                                                                                              Entropy (8bit):6.1345016966871455
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:kuiS11BYNd+5AWdu41qOqJ/f/EX4lCPIWu1ptpIGLP+z:Pl1U+Ke/16f/ExWI
                                                                                                                                                                                                                              MD5:10FDCF63D1C3C3B7E5861FBB04D64557
                                                                                                                                                                                                                              SHA1:1AA153EFEC4F583643046618B60E495B6E03B3D7
                                                                                                                                                                                                                              SHA-256:BC3B83D2DC9E2F0E6386ED952384C6CF48F6EED51129A50DFD5EF6CBBC0A8FB3
                                                                                                                                                                                                                              SHA-512:DC702F4100ED835E198507CD06FA5389A063D4600FC08BE780690D729AB62114FD5E5B201D511B5832C14E90A5975ED574FC96EDB5A9AB9EB83F607C7A712C7F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):253208
                                                                                                                                                                                                                              Entropy (8bit):6.567915765795386
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:DV0lmIvcruIDCiryrjqPBTn9qWM53pLW1AuDRRRctULoT3TdTx:SN0rQiryr8TaV+QTdTx
                                                                                                                                                                                                                              MD5:21C73E7E0D7DAD7A1FE728E3B80CE073
                                                                                                                                                                                                                              SHA1:7B363AF01E83C05D0EA75299B39C31D948BBFE01
                                                                                                                                                                                                                              SHA-256:A28C543976AA4B6D37DA6F94A280D72124B429F458D0D57B7DBCF71B4BEA8F73
                                                                                                                                                                                                                              SHA-512:0357102BFFC2EC2BC6FF4D9956D6B8E77ED8558402609E558F1C1EBC1BACA6AEAA5220A7781A69B783A54F3E76362D1F74D817E4EE22AAC16C7F8C86B6122390
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):64792
                                                                                                                                                                                                                              Entropy (8bit):6.219813461442214
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:CQGllrIdcGuzZc94cVM7gDX4NIGOI67Sy+xzn1:I6cvz+9IgDX4NIGOI6Sn1
                                                                                                                                                                                                                              MD5:F495D1897A1B52A2B15C20DCECB84B47
                                                                                                                                                                                                                              SHA1:8CB65590A8815BDA58C86613B6386B5982D9EC3F
                                                                                                                                                                                                                              SHA-256:E47E76D70D508B62924FE480F30E615B12FDD7745C0AAC68A2CDDABD07B692AE
                                                                                                                                                                                                                              SHA-512:725D408892887BEBD5BCF040A0ECC6A4E4B608815B9DEA5B6F7B95C812715F82079896DF33B0830C9F787FFE149B8182E529BB1F78AADD89DF264CF8853EE4C4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):159512
                                                                                                                                                                                                                              Entropy (8bit):6.841828996170163
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:RmuEE9tZBoI+1hINrznfB9mNoNSn2Vh/VDxuVIGZ1L6E:RmuFPobkNpYONnvfuCE
                                                                                                                                                                                                                              MD5:4E2239ECE266230ECB231B306ADDE070
                                                                                                                                                                                                                              SHA1:E807A078B71C660DB10A27315E761872FFD01443
                                                                                                                                                                                                                              SHA-256:34130D8ABE27586EE315262D69AF4E27429B7EAB1F3131EA375C2BB62CF094BE
                                                                                                                                                                                                                              SHA-512:86E6A1EAB3529E600DD5CAAB6103E34B0F618D67322A5ECF1B80839FAA028150C492A5CF865A2292CC8584FBA008955DA81A50B92301583424401D249C5F1401
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):35096
                                                                                                                                                                                                                              Entropy (8bit):6.456173627081832
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:VAIvrenSE0PkA9c0ji+m9IGWte5YiSyv2pAAMxkEn:6ITQSH9c0jlm9IGWtU7SyOOxj
                                                                                                                                                                                                                              MD5:811BCEE2F4246265898167B103FC699B
                                                                                                                                                                                                                              SHA1:AE3DE8ACBA56CDE71001D3796A48730E1B9C7CCE
                                                                                                                                                                                                                              SHA-256:FB69005B972DC3703F9EF42E8E0FDDF8C835CB91F57EF9B6C66BBDF978C00A8C
                                                                                                                                                                                                                              SHA-512:1F71E23CE4B6BC35FE772542D7845DCBEA2A34522BA0468B61CB05F9ABAB7732CBF524BCFF498D1BD0B13B5E8A45C373CCA19AD20E5370F17259E281EDF344BE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):55576
                                                                                                                                                                                                                              Entropy (8bit):6.3454178187323755
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:2ND3ua5sIRL9EiqXxpNdtrtBIGXtz7SyNxM:2NjOiUpNdPBIGXtzi
                                                                                                                                                                                                                              MD5:F9C67280538408411BE9A7341B93B5B0
                                                                                                                                                                                                                              SHA1:CCF776CD2483BC83B48B1DB322D7B6FCAB48356E
                                                                                                                                                                                                                              SHA-256:5D298BB811037B583CFF6C88531F1742FAE5EEE47C290ADB47DDBD0D6126B9CC
                                                                                                                                                                                                                              SHA-512:AF2156738893EF504D582ACE6750B25BC42AD1EC8A92E0550CE54810706D854F37A82F38EB965A537CAD5D35C0178C5EB7B4D20DB2A95BEBFECF9A13C0592646
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):32536
                                                                                                                                                                                                                              Entropy (8bit):6.464181935983508
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:/k+Ea6rfMkAYY0J/MpIGQUG5YiSyvHAMxkEJ5YSv:8tfHY0JEpIGQU87SyPx/Y+
                                                                                                                                                                                                                              MD5:6E00E0821BB519333CCFD4E61A83CB38
                                                                                                                                                                                                                              SHA1:3550A41BB2EA54F456940C4D1940ACAB36815949
                                                                                                                                                                                                                              SHA-256:2AD02D49691A629F038F48FCDEE46A07C4FCC2CB0620086E7B09AC11915AE6B7
                                                                                                                                                                                                                              SHA-512:C3F8332C10B58F30E292676B48ECF1860C5EF9546367B87E90789F960C91EAE4D462DD3EE9CB14F603B9086E81B6701AAB56DA5B635B22DB1E758ED0A983E562
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):83224
                                                                                                                                                                                                                              Entropy (8bit):6.340320871656589
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:ZUuhzLx79flWrqcqtpjly+uCo9/s+S+pzcHQ6B48/VI9dsSbxntpIGLwIU7SyZxL:ZU6zLRNawRy+uCo9/sT+pzuXxVIbsSde
                                                                                                                                                                                                                              MD5:899380B2D48DF53414B974E11BB711E3
                                                                                                                                                                                                                              SHA1:F1D11F7E970A7CD476E739243F8F197FCB3AD590
                                                                                                                                                                                                                              SHA-256:B38E66E6EE413E5955EF03D619CADD40FCA8BE035B43093D2342B6F3739E883E
                                                                                                                                                                                                                              SHA-512:7426CA5E7A404B9628E2966DAE544F3E8310C697145567B361825DC0B5C6CD87F2CAF567DEF8CD19E73D68643F2F38C08FF4FF0BB0A459C853F241B8FDF40024
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):124696
                                                                                                                                                                                                                              Entropy (8bit):6.2652662506859444
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:fZIPlR6TxhNO7/9CO4w5yIFGcXcpVNIGOQyl:RjFHO7kC56cXuo
                                                                                                                                                                                                                              MD5:CEE93C920951C1169B615CB6330CEDDA
                                                                                                                                                                                                                              SHA1:EF2ABF9F760DB2DE0BD92AFE8766A0B798CF8167
                                                                                                                                                                                                                              SHA-256:FF25BDBEEF34D2AA420A79D3666C2660E7E3E96259D1F450F1AF5268553380EC
                                                                                                                                                                                                                              SHA-512:999D324448BB39793E4807432C697F01F8922B0ABA4519A21D5DC4F4FC8E9E4737D7E104B205B931AF753EDA65F61D0C744F12BE84446F9C6CB3C2A5B35B773C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):177432
                                                                                                                                                                                                                              Entropy (8bit):5.975354635226847
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:KXGEr/16/nJxNOJW5NT6X3l44K5WOSCSVRJNI7IM/cbP7RHs3J7VIGC7hN:Y/r/16/nDNPT6X3l1CMVS7i
                                                                                                                                                                                                                              MD5:9B4E74FD1DE0F8A197E4AA1E16749186
                                                                                                                                                                                                                              SHA1:833179B49EB27C9474B5189F59ED7ECF0E6DC9EA
                                                                                                                                                                                                                              SHA-256:A4CE52A9E0DADDBBE7A539D1A7EDA787494F2173DDCC92A3FAF43B7CF597452B
                                                                                                                                                                                                                              SHA-512:AE72B39CB47A859D07A1EE3E73DE655678FE809C5C17FFD90797B5985924DDB47CEB5EBE896E50216FB445526C4CBB95E276E5F3810035B50E4604363EB61CD4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):25368
                                                                                                                                                                                                                              Entropy (8bit):6.6272949891352315
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:lrfwHnEWGQiAQVIGZwJXHQIYiSy1pCQ4XAM+o/8E9VF0NyqzJSj:dQnEIHQVIGZw95YiSyv8AMxkEqw
                                                                                                                                                                                                                              MD5:3C8737723A903B08D5D718336900FD8C
                                                                                                                                                                                                                              SHA1:2AD2D0D50F6B52291E59503222B665B1823B0838
                                                                                                                                                                                                                              SHA-256:BB418E91E543C998D11F9E65FD2A4899B09407FF386E059A88FE2A16AED2556B
                                                                                                                                                                                                                              SHA-512:1D974EC1C96E884F30F4925CC9A03FB5AF78687A267DEC0D1582B5D7561D251FB733CF733E0CC00FAEE86F0FEF6F73D36A348F3461C6D34B0238A75F69320D10
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):36632
                                                                                                                                                                                                                              Entropy (8bit):6.364173312940401
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:PgMwnWGwMtUTA7LlVIGCilx5YiSyvzAMxkEaFy:PgMwWGJtGA7LlVIGCih7Syrx+g
                                                                                                                                                                                                                              MD5:EE33F4C8D17D17AD62925E85097B0109
                                                                                                                                                                                                                              SHA1:8C4A03531CF3DBFE6F378FDAB9699D51E7888796
                                                                                                                                                                                                                              SHA-256:79ADCA5037D9145309D3BD19F7A26F7BB7DA716EE86E01073C6F2A9681E33DAD
                                                                                                                                                                                                                              SHA-512:60B0705A371AD2985DB54A91F0E904EEA502108663EA3C3FB18ED54671BE1932F4F03E8E3FD687A857A5E3500545377B036276C69E821A7D6116B327F5B3D5C1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1329520
                                                                                                                                                                                                                              Entropy (8bit):5.586658826960449
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12288:uttcY+b+2OGgRF1+fYNXPh26UZWAzau7joD9VwdgbVDdYeP1whshZgCCaYchi:uttcY+PnCiaAoDNBDdYePyqEaYchi
                                                                                                                                                                                                                              MD5:C4DCF6023D754DAA9A41D6D2DA6842CA
                                                                                                                                                                                                                              SHA1:2B1ACA3FFEBDE36FA31AB9A14A709C7C6C125773
                                                                                                                                                                                                                              SHA-256:3C472B0FDFBFEB7721FAC540BF55EEC190EDF5AEA6C370A4C3BFF87F88077A97
                                                                                                                                                                                                                              SHA-512:55A9E82B36AADD29AC22811EE295E75FC9EA12912DD6C498AB808A6DC83BE4FAB40ECA2BCCB991D593180E2162A456903479810E7B31B848ACD363DEFB15726D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):299427
                                                                                                                                                                                                                              Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                              MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                              SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                              SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                              SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                                                                              Entropy (8bit):4.817893239381772
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:MRv9XFCk2z1/t12iwU5usJFcCyD9cqgE:aVVC5djuUFJKtgE
                                                                                                                                                                                                                              MD5:71D96F1DBFCD6F767D81F8254E572751
                                                                                                                                                                                                                              SHA1:E70B74430500ED5117547E0CD339D6E6F4613503
                                                                                                                                                                                                                              SHA-256:611E1B4B9ED6788640F550771744D83E404432830BB8E3063F0B8EC3B98911AF
                                                                                                                                                                                                                              SHA-512:7B10E13B3723DB0E826B7C7A52090DE999626D5FA6C8F9B4630FDEEF515A58C40660FA90589532A6D4377F003B3CB5B9851E276A0B3C83B9709E28E6A66A1D32
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):124928
                                                                                                                                                                                                                              Entropy (8bit):5.935676608756784
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:BETt3OiaqGB7QNX6Pq4a461TDqFRgMzrOH+d3gdy2iIeP/j3bhouROm:Bmt+is7QNqP1ab1TGb9g/iI4bhouROm
                                                                                                                                                                                                                              MD5:D8F690EAE02332A6898E9C8B983C56DD
                                                                                                                                                                                                                              SHA1:112C1FE25E0D948F767E02F291801C0E4AE592F0
                                                                                                                                                                                                                              SHA-256:C6BB8CAD80B8D7847C52931F11D73BA64F78615218398B2C058F9B218FF21CA9
                                                                                                                                                                                                                              SHA-512:E732F79F39BA9721CC59DBE8C4785FFD74DF84CA00D13D72AFA3F96B97B8C7ADF4EA9344D79EE2A1C77D58EF28D3DDCC855F3CB13EDDA928C17B1158ABCC5B4A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):5724
                                                                                                                                                                                                                              Entropy (8bit):5.120429897887076
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:DlkQIUQIhQIKQILbQIRIaMPktjaVMxsxA2ncEvGDfe0HEdwGArNZG0JQTQCQx5Kw:dcPuPwsrcEvGDfe0HENA5w0JQTQ9x59H
                                                                                                                                                                                                                              MD5:526D9AC9D8150602EC9ED8B9F4DE7102
                                                                                                                                                                                                                              SHA1:DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3
                                                                                                                                                                                                                              SHA-256:D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
                                                                                                                                                                                                                              SHA-512:FB13A2F6B64CB7E380A69424D484FC9B8758FA316A7A155FF062BFDACDCA8F2C5D2A03898CD099688B1C16A5A0EDCECFC42BF0D4D330926B10C3FCE9F5238643
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16380
                                                                                                                                                                                                                              Entropy (8bit):5.587009861664839
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:hXr12s/l45jEVeK+VqhXJZ4WJJ6sf7B0PpzIq+NX6ih5VFUqq8q:hXplMEVdhJrJJ6sf7B0Ppz/+96ihu8q
                                                                                                                                                                                                                              MD5:A53742D3EE69CAE1FD8BDEDAC05BB828
                                                                                                                                                                                                                              SHA1:02BC360839FEB54E58E14D410266652DCB718353
                                                                                                                                                                                                                              SHA-256:9518E7D9DA0F889F568F800E1A4ADC0686234DC9D9934A46F78FFB5E6C351A98
                                                                                                                                                                                                                              SHA-512:C69C4D3ECA56D725E90F9F0C4B98071F4F92A3BC06A635CE0D6309976C750B20B3DA353EFED27F07712FF5E0C1A8114300004C8E2D2EE9155F31D856A3C6EE05
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__init__.cpython-312
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):94
                                                                                                                                                                                                                              Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:RtEeX5pG6vhP+tkKciH/KQb:RtvoKWKTQb
                                                                                                                                                                                                                              MD5:A868F93FCF51C4F1C25658D54F994349
                                                                                                                                                                                                                              SHA1:535C88A10911673DEABB7889D365E81729E483A6
                                                                                                                                                                                                                              SHA-256:1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
                                                                                                                                                                                                                              SHA-512:EC13CAC9DF03676640EF5DA033E8C2FAEE63916F27CC27B9C43F0824B98AB4A6ECB4C8D7D039FA6674EF189BDD9265C8ED509C1D80DFF610AEB9E081093AEB3D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):197
                                                                                                                                                                                                                              Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                              MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                              SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                              SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                              SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11360
                                                                                                                                                                                                                              Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                              MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                              SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                              SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                              SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1532
                                                                                                                                                                                                                              Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                              MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                              SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                              SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                              SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):8292864
                                                                                                                                                                                                                              Entropy (8bit):6.493076254122072
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:98304:Y4sf3zg+qUuQdPJMqYLSxuBLZqwt0kDO+5+O:cdeqYLSxuBLZrGjq+
                                                                                                                                                                                                                              MD5:34293B976DA366D83C12D8EE05DE7B03
                                                                                                                                                                                                                              SHA1:82B8EB434C26FCC3A5D9673C9B93663C0FF9BF15
                                                                                                                                                                                                                              SHA-256:A2285C3F2F7E63BA8A17AB5D0A302740E6ADF7E608E0707A7737C1EC3BD8CECC
                                                                                                                                                                                                                              SHA-512:0807EC7515186F0A989BB667150A84FF3BEBCC248625597BA0BE3C6F07AD60D70CF8A3F65191436EC16042F446D4248BF92FCD02212E459405948DB10F078B8E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):5162776
                                                                                                                                                                                                                              Entropy (8bit):5.958207976652471
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:98304:S3+FRtLtlVriXpshX179Cahd4tC9P1+1CPwDvt3uFlDCi:ASRtLtvd99Cahd4tC9w1CPwDvt3uFlDz
                                                                                                                                                                                                                              MD5:51E8A5281C2092E45D8C97FBDBF39560
                                                                                                                                                                                                                              SHA1:C499C810ED83AAADCE3B267807E593EC6B121211
                                                                                                                                                                                                                              SHA-256:2A234B5AA20C3FAECF725BBB54FB33F3D94543F78FA7045408E905593E49960A
                                                                                                                                                                                                                              SHA-512:98B91719B0975CB38D3B3C7B6F820D184EF1B64D38AD8515BE0B8B07730E2272376B9E51631FE9EFD9B8A1709FEA214CF3F77B34EEB9FD282EB09E395120E7CB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):39696
                                                                                                                                                                                                                              Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                              MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                              SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                              SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                              SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):790296
                                                                                                                                                                                                                              Entropy (8bit):5.607732992846443
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:7aO1lo7USZGjweMMHO4+xuVg7gCl2VdhMd1DdwMVn4TERUr3zgKpJJ/wknofFe9A:FkeMKOr97gCAE35gEGzLpwknofFe9XbE
                                                                                                                                                                                                                              MD5:BFC834BB2310DDF01BE9AD9CFF7C2A41
                                                                                                                                                                                                                              SHA1:FB1D601B4FCB29FF1B13B0D2ED7119BD0472205C
                                                                                                                                                                                                                              SHA-256:41AD1A04CA27A7959579E87FBBDA87C93099616A64A0E66260C983381C5570D1
                                                                                                                                                                                                                              SHA-512:6AF473C7C0997F2847EBE7CEE8EF67CD682DEE41720D4F268964330B449BA71398FDA8954524F9A97CC4CDF9893B8BDC7A1CF40E9E45A73F4F35A37F31C6A9C3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):200472
                                                                                                                                                                                                                              Entropy (8bit):6.382659996286758
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:mhaQEuYCUDWuc7VmkqrgVrLJEKAAKJadAT0nIgjWdopPb/+mVApIGLhSZ:yaJh6v7VRVrLJEKAABiuXKd4GE
                                                                                                                                                                                                                              MD5:F554064233C082F98EF01195693D967D
                                                                                                                                                                                                                              SHA1:F191D42807867E0174DDC66D04C45250D9F6561E
                                                                                                                                                                                                                              SHA-256:E1D56FFBF5E5FAB481D7A14691481B8FF5D2F4C6BF5D1A4664C832756C5942FE
                                                                                                                                                                                                                              SHA-512:3573A226305CEC45333FC4D0E6FC0C3357421AD77CD8A1899C90515994351292EE5D1C445412B5563AA02520736E870A9EE879909CD992F5BE32E877792BDB88
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):68376
                                                                                                                                                                                                                              Entropy (8bit):6.14883904573939
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:3V1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/J:3DmF61JFn+/OipIGL0m7Sy0xG
                                                                                                                                                                                                                              MD5:77896345D4E1C406EEFF011F7A920873
                                                                                                                                                                                                                              SHA1:EE8CDD531418CFD05C1A6792382D895AC347216F
                                                                                                                                                                                                                              SHA-256:1E9224BA7190B6301EF47BEFA8E383D0C55700255D04A36F7DAC88EA9573F2FB
                                                                                                                                                                                                                              SHA-512:3E98B1B605D70244B42A13A219F9E124944DA199A88AD4302308C801685B0C45A037A76DED319D08DBF55639591404665BEFE2091F0F4206A9472FEE58D55C22
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):6972184
                                                                                                                                                                                                                              Entropy (8bit):5.774196030396665
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:98304:B6vwRS7fYzmSSVlLWyJVT7OQvxHDMiEPlk:8vwRHTSVlfJVmir
                                                                                                                                                                                                                              MD5:5C5602CDA7AB8418420F223366FFF5DB
                                                                                                                                                                                                                              SHA1:52F81EE0AEF9B6906F7751FD2BBD4953E3F3B798
                                                                                                                                                                                                                              SHA-256:E7890E38256F04EE0B55AC5276BBF3AC61392C3A3CE150BB5497B709803E17CE
                                                                                                                                                                                                                              SHA-512:51C3B4F29781BB52C137DDB356E1BC5A37F3A25F0ED7D89416B14ED994121F884CB3E40CCDBB211A8989E3BD137B8DF8B28E232F98DE8F35B03965CFCE4B424F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):31000
                                                                                                                                                                                                                              Entropy (8bit):6.531624163477087
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:s7ENJKHq1vv38pIGQGE5YiSyvTcAMxkEMrX:s7ENJKK1vv38pIGQGO7Syb6xuX
                                                                                                                                                                                                                              MD5:BFFFF83A000BAF559F3EB2B599A1B7E8
                                                                                                                                                                                                                              SHA1:7F9238BDA6D0C7CC5399C6B6AB3B42D21053F467
                                                                                                                                                                                                                              SHA-256:BC71FBDFD1441D62DD86D33FF41B35DC3CC34875F625D885C58C8DC000064DAB
                                                                                                                                                                                                                              SHA-512:3C0BA0CF356A727066AE0D0D6523440A882AAFB3EBDF70117993EFFD61395DEEBF179948F8C7F5222D59D1ED748C71D9D53782E16BD2F2ECCC296F2F8B4FC948
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11358
                                                                                                                                                                                                                              Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                                              MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                                              SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                                              SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                                              SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4648
                                                                                                                                                                                                                              Entropy (8bit):5.006900644756252
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                                                              MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                                                              SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                                                              SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                                                              SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2518
                                                                                                                                                                                                                              Entropy (8bit):5.6307766747793275
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                                                              MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                                                              SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                                                              SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                                                              SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):91
                                                                                                                                                                                                                              Entropy (8bit):4.687870576189661
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                                                              MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                                                              SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                                                              SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                                                              SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):19
                                                                                                                                                                                                                              Entropy (8bit):3.536886723742169
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                                                              MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                                                              SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                                                              SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                                                              SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:importlib_metadata.
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1335
                                                                                                                                                                                                                              Entropy (8bit):4.226823573023539
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                                                              MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                                                              SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                                                              SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                                                              SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1107
                                                                                                                                                                                                                              Entropy (8bit):5.115074330424529
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                                                              MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                                                              SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                                                              SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                                                              SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2153
                                                                                                                                                                                                                              Entropy (8bit):5.088249746074878
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                                                              MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                                                              SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                                                              SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                                                              SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4557
                                                                                                                                                                                                                              Entropy (8bit):5.714200636114494
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                                                              MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                                                              SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                                                              SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                                                              SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):81
                                                                                                                                                                                                                              Entropy (8bit):4.672346887071811
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                                              MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                                              SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                                              SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                                              SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):104
                                                                                                                                                                                                                              Entropy (8bit):4.271713330022269
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                                              MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                                              SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                                              SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                                              SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1504024
                                                                                                                                                                                                                              Entropy (8bit):6.578874733366613
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24576:95WQyUuqjJVKMXijWRwtHHofIyEcL/2m75i5zxHWc9C08lY8ore60hH:9b0yVKMyjWR6nofQm7U59HWKYY8
                                                                                                                                                                                                                              MD5:82EA0259009FF75BBA817BD8C15C7588
                                                                                                                                                                                                                              SHA1:04C49687D8241B43AE61A6C59299255EF09A7B39
                                                                                                                                                                                                                              SHA-256:8AA8B909A39FCC33D1EC2AD51EAC6714A318C6EFD04F963D21B75D8F64809AD6
                                                                                                                                                                                                                              SHA-512:1F8B3343898462E385D25E1820A3D7D971D633933E482EA9FFC596E7E1F902F5657A9F2C104CF320EEEF34CCE814261304E2E1C063BE4C6A807ADC9B75F3E670
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1137944
                                                                                                                                                                                                                              Entropy (8bit):5.462221778372869
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12288:IFrEHdcM6hbZCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfctZq:IFrEXcCjfk7bPNfv42BN6yzUtZq
                                                                                                                                                                                                                              MD5:A1388676824CE6347D31D6C6A7A1D1B5
                                                                                                                                                                                                                              SHA1:27DD45A5C9B7E61BB894F13193212C6D5668085B
                                                                                                                                                                                                                              SHA-256:2480A78815F619A631210E577E733C9BAFECB7F608042E979423C5850EE390FF
                                                                                                                                                                                                                              SHA-512:26EA1B33F14F08BB91027E0D35AC03F6203B4DFEEE602BB592C5292AB089B27FF6922DA2804A9E8A28E47D4351B32CF93445D894F00B4AD6E2D0C35C6C7F1D89
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                              Entropy (8bit):7.993419130235619
                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                              File name:shost.exe
                                                                                                                                                                                                                              File size:16'895'360 bytes
                                                                                                                                                                                                                              MD5:e6c0aa5771a46907706063ae1d8b4fb9
                                                                                                                                                                                                                              SHA1:966ce51dfb51cf7e9db0c86eb35b964195c21bf2
                                                                                                                                                                                                                              SHA256:b76d1577baac7071b5243e8639007e2cdd406258d6da07386fb0d638988d382f
                                                                                                                                                                                                                              SHA512:194beea483af2a2bc844927dbcf6b1ff2e028cc5e10dd93d47917d24cbba551f888b1fa795385f24bbb72efc619f1c28c25e171437fd810fa87de5ef895f313f
                                                                                                                                                                                                                              SSDEEP:393216:d9Yid4u1iwq3Obs2ClZW+eGQRe9joGBGcyez5t9H:d9YidRMwq3ObRqZW+e5Re9MWv
                                                                                                                                                                                                                              TLSH:F4073350E0D4ACEAC772563BAD768101A6A2BF1507BCCA5F6731B0061EB31C1697EF2D
                                                                                                                                                                                                                              Icon Hash:1262a1a0aa92aa8a
                                                                                                                                                                                                                              Entrypoint:0x14000ce20
                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                              Digitally signed:false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x6757FC0C [Tue Dec 10 08:30:04 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 72c4e339b7af8ab1ed2eb3821c98713a

| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x19a1c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x61000 | 0x764 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2b000 | 0x12a28 | 0x12c00 | 9fc67d9a6c6aee64134355d12ce23875 | False | 0.5242838541666667 | data | 5.750772231906574 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x47000 | 0x19a1c | 0x19c00 | 35db13bd970349e79d066a52e38a415a | False | 0.07967991504854369 | data | 3.7032712285528175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x61000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x471d8 | 0xdcf | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.925035360678925 |
| RT_ICON | 0x47fa8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | | | 0.02200402224062463 |
| RT_ICON | 0x587d0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | | | 0.05402692489371753 |
| RT_ICON | 0x5c9f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | | | 0.0766597510373444 |
| RT_ICON | 0x5efa0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.12781425891181988 |
| RT_ICON | 0x60048 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.28102836879432624 |
| RT_GROUP_ICON | 0x604b0 | 0x5a | data | | | 0.7666666666666667 |
| RT_MANIFEST | 0x6050c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857 |


DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 13, 2024 08:43:09.503896952 CET | 49711 | 443 | 192.168.2.6 | 162.159.136.232
Dec 13, 2024 08:43:09.503959894 CET | 443 | 49711 | 162.159.136.232 | 192.168.2.6
Dec 13, 2024 08:43:09.505917072 CET | 49711 | 443 | 192.168.2.6 | 162.159.136.232
Dec 13, 2024 08:43:09.513106108 CET | 49711 | 443 | 192.168.2.6 | 162.159.136.232
Dec 13, 2024 08:43:09.513130903 CET | 443 | 49711 | 162.159.136.232 | 192.168.2.6
Dec 13, 2024 08:43:10.736417055 CET | 443 | 49711 | 162.159.136.232 | 192.168.2.6
Dec 13, 2024 08:43:10.737076044 CET | 49711 | 443 | 192.168.2.6 | 162.159.136.232
Dec 13, 2024 08:43:10.737108946 CET | 443 | 49711 | 162.159.136.232 | 192.168.2.6
Dec 13, 2024 08:43:10.738668919 CET | 443 | 49711 | 162.159.136.232 | 192.168.2.6
Dec 13, 2024 08:43:10.738759041 CET | 49711 | 443 | 192.168.2.6 | 162.159.136.232
Dec 13, 2024 08:43:10.740219116 CET | 49711 | 443 | 192.168.2.6 | 162.159.136.232
Dec 13, 2024 08:43:10.740387917 CET | 49711 | 443 | 192.168.2.6 | 162.159.136.232

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 13, 2024 08:43:09.315706968 CET | 51039 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 08:43:09.455245018 CET | 53 | 51039 | 1.1.1.1 | 192.168.2.6

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 13, 2024 08:43:09.315706968 CET | 192.168.2.6 | 1.1.1.1 | 0x29ea | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 13, 2024 08:43:09.455245018 CET | 1.1.1.1 | 192.168.2.6 | 0x29ea | No error (0) | discord.com | | 162.159.136.232 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 08:43:09.455245018 CET | 1.1.1.1 | 192.168.2.6 | 0x29ea | No error (0) | discord.com | | 162.159.138.232 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 08:43:09.455245018 CET | 1.1.1.1 | 192.168.2.6 | 0x29ea | No error (0) | discord.com | | 162.159.135.232 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 08:43:09.455245018 CET | 1.1.1.1 | 192.168.2.6 | 0x29ea | No error (0) | discord.com | | 162.159.128.233 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 08:43:09.455245018 CET | 1.1.1.1 | 192.168.2.6 | 0x29ea | No error (0) | discord.com | | 162.159.137.232 | A (IP address) | IN (0x0001) | false


Target ID: 0
Start time: 02:43:02
Start date: 13/12/2024
Path: C:\Users\user\Desktop\shost.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\shost.exe"
Imagebase: 0x7ff786880000
File size: 16'895'360 bytes
MD5 hash: E6C0AA5771A46907706063AE1D8B4FB9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 02:43:04
Start date: 13/12/2024
Path: C:\Users\user\Desktop\shost.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\shost.exe"
Imagebase: 0x7ff786880000
File size: 16'895'360 bytes
MD5 hash: E6C0AA5771A46907706063AE1D8B4FB9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_MuckStealer, Description: Yara detected Muck Stealer, Source: 00000002.00000002.3395068991.00000271C50A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false


Execution Graph

Execution Coverage: 9.5%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 17.2%
Total number of Nodes: 2000
Total number of Limit Nodes: 40
GetFinalPathNameByHandleW CloseHandle 17566->17567 17568 7ff786883730 17566->17568 17567->17568 17568->17250 17568->17251 17570 7ff786882834 17569->17570 17571 7ff7868826b0 48 API calls 17570->17571 17572 7ff786882887 17571->17572 17573 7ff786894c48 48 API calls 17572->17573 17574 7ff7868828d0 MessageBoxW 17573->17574 17575 7ff78688c5c0 _log10_special 8 API calls 17574->17575 17576 7ff786882900 17575->17576 17576->17240 17578 7ff7868894da WideCharToMultiByte 17577->17578 17580 7ff786889505 17577->17580 17578->17580 17581 7ff78688951b __std_exception_copy 17578->17581 17579 7ff786889522 WideCharToMultiByte 17579->17581 17580->17579 17580->17581 17581->17249 17583 7ff7868826d5 17582->17583 17584 7ff786894c48 48 API calls 17583->17584 17585 7ff7868826f8 17584->17585 17585->17555 17588 7ff786894ca2 17586->17588 17587 7ff786894cc7 17589 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17587->17589 17588->17587 17590 7ff786894d03 17588->17590 17592 7ff786894cf1 17589->17592 17604 7ff786893000 17590->17604 17595 7ff78688c5c0 _log10_special 8 API calls 17592->17595 17593 7ff786894de4 17594 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17593->17594 17594->17592 17597 7ff786882d04 17595->17597 17597->17558 17598 7ff786894db9 17602 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17598->17602 17599 7ff786894e0a 17599->17593 17601 7ff786894e14 17599->17601 17600 7ff786894db0 17600->17593 17600->17598 17603 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17601->17603 17602->17592 17603->17592 17605 7ff78689303e 17604->17605 17606 7ff78689302e 17604->17606 17607 7ff786893047 17605->17607 17612 7ff786893075 17605->17612 17608 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17606->17608 17609 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17607->17609 17610 7ff78689306d 17608->17610 17609->17610 17610->17593 17610->17598 17610->17599 17610->17600 17612->17606 17612->17610 17615 
7ff786893a14 17612->17615 17648 7ff786893460 17612->17648 17685 7ff786892bf0 17612->17685 17616 7ff786893a56 17615->17616 17617 7ff786893ac7 17615->17617 17618 7ff786893af1 17616->17618 17619 7ff786893a5c 17616->17619 17620 7ff786893b20 17617->17620 17621 7ff786893acc 17617->17621 17708 7ff786891dc4 17618->17708 17624 7ff786893a90 17619->17624 17625 7ff786893a61 17619->17625 17627 7ff786893b37 17620->17627 17628 7ff786893b2a 17620->17628 17632 7ff786893b2f 17620->17632 17622 7ff786893b01 17621->17622 17623 7ff786893ace 17621->17623 17715 7ff7868919b4 17622->17715 17626 7ff786893a70 17623->17626 17635 7ff786893add 17623->17635 17630 7ff786893a67 17624->17630 17624->17632 17625->17627 17625->17630 17646 7ff786893b60 17626->17646 17688 7ff7868941c8 17626->17688 17722 7ff78689471c 17627->17722 17628->17618 17628->17632 17630->17626 17636 7ff786893aa2 17630->17636 17643 7ff786893a8b 17630->17643 17632->17646 17726 7ff7868921d4 17632->17726 17635->17618 17638 7ff786893ae2 17635->17638 17636->17646 17698 7ff786894504 17636->17698 17638->17646 17704 7ff7868945c8 17638->17704 17640 7ff78688c5c0 _log10_special 8 API calls 17642 7ff786893e5a 17640->17642 17642->17612 17643->17646 17647 7ff786893d4c 17643->17647 17733 7ff786894830 17643->17733 17646->17640 17647->17646 17739 7ff78689ea78 17647->17739 17649 7ff786893484 17648->17649 17650 7ff78689346e 17648->17650 17651 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17649->17651 17652 7ff7868934c4 17649->17652 17650->17652 17653 7ff786893a56 17650->17653 17654 7ff786893ac7 17650->17654 17651->17652 17652->17612 17655 7ff786893af1 17653->17655 17656 7ff786893a5c 17653->17656 17657 7ff786893b20 17654->17657 17658 7ff786893acc 17654->17658 17666 7ff786891dc4 38 API calls 17655->17666 17661 7ff786893a90 17656->17661 17662 7ff786893a61 17656->17662 17664 7ff786893b37 17657->17664 17665 7ff786893b2a 17657->17665 17670 7ff786893b2f 17657->17670 17659 7ff786893b01 17658->17659 17660 7ff786893ace 17658->17660 17668 7ff7868919b4 38 
API calls 17659->17668 17663 7ff786893a70 17660->17663 17672 7ff786893add 17660->17672 17667 7ff786893a67 17661->17667 17661->17670 17662->17664 17662->17667 17669 7ff7868941c8 47 API calls 17663->17669 17683 7ff786893b60 17663->17683 17671 7ff78689471c 45 API calls 17664->17671 17665->17655 17665->17670 17678 7ff786893a8b 17666->17678 17667->17663 17673 7ff786893aa2 17667->17673 17667->17678 17668->17678 17669->17678 17674 7ff7868921d4 38 API calls 17670->17674 17670->17683 17671->17678 17672->17655 17675 7ff786893ae2 17672->17675 17676 7ff786894504 46 API calls 17673->17676 17673->17683 17674->17678 17679 7ff7868945c8 37 API calls 17675->17679 17675->17683 17676->17678 17677 7ff78688c5c0 _log10_special 8 API calls 17680 7ff786893e5a 17677->17680 17681 7ff786894830 45 API calls 17678->17681 17678->17683 17684 7ff786893d4c 17678->17684 17679->17678 17680->17612 17681->17684 17682 7ff78689ea78 46 API calls 17682->17684 17683->17677 17684->17682 17684->17683 17905 7ff786891038 17685->17905 17689 7ff7868941ee 17688->17689 17751 7ff786890bf0 17689->17751 17694 7ff786894333 17696 7ff786894830 45 API calls 17694->17696 17697 7ff7868943c1 17694->17697 17695 7ff786894830 45 API calls 17695->17694 17696->17697 17697->17643 17699 7ff786894539 17698->17699 17700 7ff786894557 17699->17700 17701 7ff786894830 45 API calls 17699->17701 17703 7ff78689457e 17699->17703 17702 7ff78689ea78 46 API calls 17700->17702 17701->17700 17702->17703 17703->17643 17707 7ff7868945e9 17704->17707 17705 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17706 7ff78689461a 17705->17706 17706->17643 17707->17705 17707->17706 17710 7ff786891df7 17708->17710 17709 7ff786891e26 17714 7ff786891e63 17709->17714 17878 7ff786890c98 17709->17878 17710->17709 17712 7ff786891ee3 17710->17712 17713 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17712->17713 17713->17714 17714->17643 17716 7ff7868919e7 17715->17716 17717 7ff786891a16 17716->17717 17719 7ff786891ad3 17716->17719 17718 7ff786890c98 12 API 
calls 17717->17718 17721 7ff786891a53 17717->17721 17718->17721 17720 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17719->17720 17720->17721 17721->17643 17723 7ff78689475f 17722->17723 17725 7ff786894763 __crtLCMapStringW 17723->17725 17886 7ff7868947b8 17723->17886 17725->17643 17727 7ff786892207 17726->17727 17728 7ff786892236 17727->17728 17730 7ff7868922f3 17727->17730 17729 7ff786890c98 12 API calls 17728->17729 17732 7ff786892273 17728->17732 17729->17732 17731 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17730->17731 17731->17732 17732->17643 17734 7ff786894847 17733->17734 17890 7ff78689da28 17734->17890 17740 7ff78689eaa9 17739->17740 17748 7ff78689eab7 17739->17748 17741 7ff78689ead7 17740->17741 17742 7ff786894830 45 API calls 17740->17742 17740->17748 17743 7ff78689eb0f 17741->17743 17744 7ff78689eae8 17741->17744 17742->17741 17746 7ff78689eb9a 17743->17746 17747 7ff78689eb39 17743->17747 17743->17748 17898 7ff7868a0110 17744->17898 17749 7ff78689f910 _fread_nolock MultiByteToWideChar 17746->17749 17747->17748 17750 7ff78689f910 _fread_nolock MultiByteToWideChar 17747->17750 17748->17647 17749->17748 17750->17748 17752 7ff786890c16 17751->17752 17753 7ff786890c27 17751->17753 17759 7ff78689e5e0 17752->17759 17753->17752 17754 7ff78689d66c _fread_nolock 12 API calls 17753->17754 17755 7ff786890c54 17754->17755 17756 7ff786890c68 17755->17756 17758 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17755->17758 17757 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17756->17757 17757->17752 17758->17756 17760 7ff78689e630 17759->17760 17761 7ff78689e5fd 17759->17761 17760->17761 17763 7ff78689e662 17760->17763 17762 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17761->17762 17772 7ff786894311 17762->17772 17768 7ff78689e775 17763->17768 17774 7ff78689e6aa 17763->17774 17764 7ff78689e867 17805 7ff78689dacc 17764->17805 17766 7ff78689e82d 17798 7ff78689de64 17766->17798 17768->17764 
17768->17766 17769 7ff78689e7fc 17768->17769 17771 7ff78689e7bf 17768->17771 17773 7ff78689e7b5 17768->17773 17791 7ff78689e144 17769->17791 17781 7ff78689e374 17771->17781 17772->17694 17772->17695 17773->17766 17776 7ff78689e7ba 17773->17776 17774->17772 17777 7ff78689a514 __std_exception_copy 37 API calls 17774->17777 17776->17769 17776->17771 17778 7ff78689e762 17777->17778 17778->17772 17779 7ff78689a970 _isindst 17 API calls 17778->17779 17780 7ff78689e8c4 17779->17780 17814 7ff7868a411c 17781->17814 17785 7ff78689e41c 17786 7ff78689e471 17785->17786 17788 7ff78689e43c 17785->17788 17790 7ff78689e420 17785->17790 17867 7ff78689df60 17786->17867 17788->17788 17863 7ff78689e21c 17788->17863 17790->17772 17792 7ff7868a411c 38 API calls 17791->17792 17793 7ff78689e18e 17792->17793 17794 7ff7868a3b64 37 API calls 17793->17794 17795 7ff78689e1de 17794->17795 17796 7ff78689e1e2 17795->17796 17797 7ff78689e21c 45 API calls 17795->17797 17796->17772 17797->17796 17799 7ff7868a411c 38 API calls 17798->17799 17800 7ff78689deaf 17799->17800 17801 7ff7868a3b64 37 API calls 17800->17801 17802 7ff78689df07 17801->17802 17803 7ff78689df0b 17802->17803 17804 7ff78689df60 45 API calls 17802->17804 17803->17772 17804->17803 17806 7ff78689db11 17805->17806 17807 7ff78689db44 17805->17807 17808 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17806->17808 17809 7ff78689db5c 17807->17809 17811 7ff78689dbdd 17807->17811 17813 7ff78689db3d __scrt_get_show_window_mode 17808->17813 17810 7ff78689de64 46 API calls 17809->17810 17810->17813 17812 7ff786894830 45 API calls 17811->17812 17811->17813 17812->17813 17813->17772 17815 7ff7868a416f fegetenv 17814->17815 17816 7ff7868a7e9c 37 API calls 17815->17816 17821 7ff7868a41c2 17816->17821 17817 7ff7868a41ef 17820 7ff78689a514 __std_exception_copy 37 API calls 17817->17820 17818 7ff7868a42b2 17819 7ff7868a7e9c 37 API calls 17818->17819 17822 7ff7868a42dc 17819->17822 17823 7ff7868a426d 17820->17823 17821->17818 17824 7ff7868a41dd 
17821->17824 17825 7ff7868a428c 17821->17825 17826 7ff7868a7e9c 37 API calls 17822->17826 17827 7ff7868a5394 17823->17827 17833 7ff7868a4275 17823->17833 17824->17817 17824->17818 17828 7ff78689a514 __std_exception_copy 37 API calls 17825->17828 17829 7ff7868a42ed 17826->17829 17830 7ff78689a970 _isindst 17 API calls 17827->17830 17828->17823 17831 7ff7868a8090 20 API calls 17829->17831 17832 7ff7868a53a9 17830->17832 17841 7ff7868a4356 __scrt_get_show_window_mode 17831->17841 17834 7ff78688c5c0 _log10_special 8 API calls 17833->17834 17835 7ff78689e3c1 17834->17835 17859 7ff7868a3b64 17835->17859 17836 7ff7868a46ff __scrt_get_show_window_mode 17837 7ff7868a4397 memcpy_s 17846 7ff7868a47f3 memcpy_s __scrt_get_show_window_mode 17837->17846 17850 7ff7868a4cdb memcpy_s __scrt_get_show_window_mode 17837->17850 17838 7ff7868a4a3f 17839 7ff7868a3c80 37 API calls 17838->17839 17847 7ff7868a5157 17839->17847 17840 7ff7868a49eb 17840->17838 17843 7ff7868a53ac memcpy_s 37 API calls 17840->17843 17841->17836 17841->17837 17844 7ff786894f78 _get_daylight 11 API calls 17841->17844 17842 7ff7868a51b2 17849 7ff7868a5338 17842->17849 17855 7ff7868a3c80 37 API calls 17842->17855 17857 7ff7868a53ac memcpy_s 37 API calls 17842->17857 17843->17838 17845 7ff7868a47d0 17844->17845 17848 7ff78689a950 _invalid_parameter_noinfo 37 API calls 17845->17848 17846->17840 17854 7ff786894f78 11 API calls _get_daylight 17846->17854 17856 7ff78689a950 37 API calls _invalid_parameter_noinfo 17846->17856 17847->17842 17851 7ff7868a53ac memcpy_s 37 API calls 17847->17851 17848->17837 17853 7ff7868a7e9c 37 API calls 17849->17853 17850->17838 17850->17840 17852 7ff786894f78 11 API calls _get_daylight 17850->17852 17858 7ff78689a950 37 API calls _invalid_parameter_noinfo 17850->17858 17851->17842 17852->17850 17853->17833 17854->17846 17855->17842 17856->17846 17857->17842 17858->17850 17860 7ff7868a3b83 17859->17860 17861 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17860->17861 17862 
7ff7868a3bae memcpy_s 17860->17862 17861->17862 17862->17785 17864 7ff78689e248 memcpy_s 17863->17864 17865 7ff786894830 45 API calls 17864->17865 17866 7ff78689e302 memcpy_s __scrt_get_show_window_mode 17864->17866 17865->17866 17866->17790 17868 7ff78689df9b 17867->17868 17872 7ff78689dfe8 memcpy_s 17867->17872 17869 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17868->17869 17870 7ff78689dfc7 17869->17870 17870->17790 17871 7ff78689e053 17873 7ff78689a514 __std_exception_copy 37 API calls 17871->17873 17872->17871 17874 7ff786894830 45 API calls 17872->17874 17877 7ff78689e095 memcpy_s 17873->17877 17874->17871 17875 7ff78689a970 _isindst 17 API calls 17876 7ff78689e140 17875->17876 17877->17875 17879 7ff786890ccf 17878->17879 17885 7ff786890cbe 17878->17885 17880 7ff78689d66c _fread_nolock 12 API calls 17879->17880 17879->17885 17881 7ff786890d00 17880->17881 17882 7ff786890d14 17881->17882 17884 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17881->17884 17883 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17882->17883 17883->17885 17884->17882 17885->17714 17887 7ff7868947d6 17886->17887 17888 7ff7868947de 17886->17888 17889 7ff786894830 45 API calls 17887->17889 17888->17725 17889->17888 17891 7ff78689da41 17890->17891 17892 7ff78689486f 17890->17892 17891->17892 17893 7ff7868a3374 45 API calls 17891->17893 17894 7ff78689da94 17892->17894 17893->17892 17895 7ff78689487f 17894->17895 17896 7ff78689daad 17894->17896 17895->17647 17896->17895 17897 7ff7868a26c0 45 API calls 17896->17897 17897->17895 17901 7ff7868a6df8 17898->17901 17903 7ff7868a6e5c 17901->17903 17902 7ff78688c5c0 _log10_special 8 API calls 17904 7ff7868a012d 17902->17904 17903->17902 17904->17748 17906 7ff78689107f 17905->17906 17907 7ff78689106d 17905->17907 17909 7ff78689108d 17906->17909 17913 7ff7868910c9 17906->17913 17908 7ff786894f78 _get_daylight 11 API calls 17907->17908 17910 7ff786891072 17908->17910 17911 7ff78689a884 
_invalid_parameter_noinfo 37 API calls 17909->17911 17912 7ff78689a950 _invalid_parameter_noinfo 37 API calls 17910->17912 17914 7ff78689107d 17911->17914 17912->17914 17915 7ff786891445 17913->17915 17917 7ff786894f78 _get_daylight 11 API calls 17913->17917 17914->17612 17915->17914 17916 7ff786894f78 _get_daylight 11 API calls 17915->17916 17918 7ff7868916d9 17916->17918 17919 7ff78689143a 17917->17919 17921 7ff78689a950 _invalid_parameter_noinfo 37 API calls 17918->17921 17920 7ff78689a950 _invalid_parameter_noinfo 37 API calls 17919->17920 17920->17915 17921->17914 17923 7ff786890774 17922->17923 17950 7ff7868904d4 17923->17950 17925 7ff78689078d 17925->17265 17962 7ff78689042c 17926->17962 17930 7ff78688c8c0 17929->17930 17931 7ff786882930 GetCurrentProcessId 17930->17931 17932 7ff786881c80 49 API calls 17931->17932 17933 7ff786882979 17932->17933 17976 7ff7868949f4 17933->17976 17938 7ff786881c80 49 API calls 17939 7ff7868829ff 17938->17939 18006 7ff786882620 17939->18006 17942 7ff78688c5c0 _log10_special 8 API calls 17943 7ff786882a31 17942->17943 17943->17275 17945 7ff786890189 17944->17945 17949 7ff786881b89 17944->17949 17946 7ff786894f78 _get_daylight 11 API calls 17945->17946 17947 7ff78689018e 17946->17947 17948 7ff78689a950 _invalid_parameter_noinfo 37 API calls 17947->17948 17948->17949 17949->17275 17949->17304 17951 7ff78689053e 17950->17951 17952 7ff7868904fe 17950->17952 17951->17952 17954 7ff78689054a 17951->17954 17953 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17952->17953 17960 7ff786890525 17953->17960 17961 7ff7868954dc EnterCriticalSection 17954->17961 17960->17925 17963 7ff786881a20 17962->17963 17964 7ff786890456 17962->17964 17963->17273 17963->17274 17964->17963 17965 7ff7868904a2 17964->17965 17966 7ff786890465 __scrt_get_show_window_mode 17964->17966 17975 7ff7868954dc EnterCriticalSection 17965->17975 17969 7ff786894f78 _get_daylight 11 API calls 17966->17969 17971 7ff78689047a 17969->17971 17973 7ff78689a950 
_invalid_parameter_noinfo 37 API calls 17971->17973 17973->17963 17980 7ff786894a4e 17976->17980 17977 7ff786894a73 17978 7ff78689a884 _invalid_parameter_noinfo 37 API calls 17977->17978 17982 7ff786894a9d 17978->17982 17979 7ff786894aaf 18015 7ff786892c80 17979->18015 17980->17977 17980->17979 17983 7ff78688c5c0 _log10_special 8 API calls 17982->17983 17986 7ff7868829c3 17983->17986 17984 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17984->17982 17994 7ff7868951d0 17986->17994 17987 7ff786894bb0 17989 7ff786894b8c 17987->17989 17990 7ff786894bba 17987->17990 17988 7ff786894b58 17988->17989 17993 7ff786894b61 17988->17993 17989->17984 17992 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17990->17992 17991 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17991->17982 17992->17982 17993->17991 17995 7ff78689b338 _get_daylight 11 API calls 17994->17995 17996 7ff7868951e7 17995->17996 17997 7ff7868829e5 17996->17997 17998 7ff78689ec08 _get_daylight 11 API calls 17996->17998 18001 7ff786895227 17996->18001 17997->17938 17999 7ff78689521c 17998->17999 18000 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17999->18000 18000->18001 18001->17997 18150 7ff78689ec90 18001->18150 18004 7ff78689a970 _isindst 17 API calls 18005 7ff78689526c 18004->18005 18007 7ff78688262f 18006->18007 18008 7ff786889400 2 API calls 18007->18008 18009 7ff786882660 18008->18009 18010 7ff786882683 MessageBoxA 18009->18010 18011 7ff78688266f MessageBoxW 18009->18011 18012 7ff786882690 18010->18012 18011->18012 18013 7ff78688c5c0 _log10_special 8 API calls 18012->18013 18014 7ff7868826a0 18013->18014 18014->17942 18016 7ff786892cbe 18015->18016 18017 7ff786892cae 18015->18017 18018 7ff786892cc7 18016->18018 18026 7ff786892cf5 18016->18026 18019 7ff78689a884 _invalid_parameter_noinfo 37 API calls 18017->18019 18020 7ff78689a884 _invalid_parameter_noinfo 37 API calls 18018->18020 18021 
7ff786892ced 18019->18021 18020->18021 18021->17987 18021->17988 18021->17989 18021->17993 18022 7ff786894830 45 API calls 18022->18026 18024 7ff786892fa4 18025 7ff78689a884 _invalid_parameter_noinfo 37 API calls 18024->18025 18025->18017 18026->18017 18026->18021 18026->18022 18026->18024 18029 7ff786893610 18026->18029 18055 7ff7868932d8 18026->18055 18085 7ff786892b60 18026->18085 18030 7ff786893652 18029->18030 18031 7ff7868936c5 18029->18031 18032 7ff7868936ef 18030->18032 18033 7ff786893658 18030->18033 18034 7ff78689371f 18031->18034 18035 7ff7868936ca 18031->18035 18102 7ff786891bc0 18032->18102 18040 7ff78689365d 18033->18040 18046 7ff78689372e 18033->18046 18034->18032 18034->18046 18053 7ff786893688 18034->18053 18036 7ff7868936ff 18035->18036 18037 7ff7868936cc 18035->18037 18109 7ff7868917b0 18036->18109 18039 7ff78689366d 18037->18039 18045 7ff7868936db 18037->18045 18054 7ff78689375d 18039->18054 18088 7ff786893f74 18039->18088 18040->18039 18043 7ff7868936a0 18040->18043 18040->18053 18043->18054 18098 7ff786894430 18043->18098 18045->18032 18048 7ff7868936e0 18045->18048 18046->18054 18116 7ff786891fd0 18046->18116 18050 7ff7868945c8 37 API calls 18048->18050 18048->18054 18049 7ff78688c5c0 _log10_special 8 API calls 18051 7ff7868939f3 18049->18051 18050->18053 18051->18026 18053->18054 18123 7ff78689e8c8 18053->18123 18054->18049 18056 7ff7868932e3 18055->18056 18057 7ff7868932f9 18055->18057 18058 7ff786893652 18056->18058 18059 7ff7868936c5 18056->18059 18061 7ff786893337 18056->18061 18060 7ff78689a884 _invalid_parameter_noinfo 37 API calls 18057->18060 18057->18061 18062 7ff7868936ef 18058->18062 18063 7ff786893658 18058->18063 18064 7ff78689371f 18059->18064 18065 7ff7868936ca 18059->18065 18060->18061 18061->18026 18068 7ff786891bc0 38 API calls 18062->18068 18072 7ff78689365d 18063->18072 18074 7ff78689372e 18063->18074 18064->18062 18064->18074 18075 7ff786893688 18064->18075 18066 7ff7868936ff 18065->18066 18067 7ff7868936cc 18065->18067 
18070 7ff7868917b0 38 API calls 18066->18070 18069 7ff78689366d 18067->18069 18077 7ff7868936db 18067->18077 18068->18075 18071 7ff786893f74 47 API calls 18069->18071 18084 7ff78689375d 18069->18084 18070->18075 18071->18075 18072->18069 18073 7ff7868936a0 18072->18073 18072->18075 18078 7ff786894430 47 API calls 18073->18078 18073->18084 18076 7ff786891fd0 38 API calls 18074->18076 18074->18084 18083 7ff78689e8c8 47 API calls 18075->18083 18075->18084 18076->18075 18077->18062 18079 7ff7868936e0 18077->18079 18078->18075 18081 7ff7868945c8 37 API calls 18079->18081 18079->18084 18080 7ff78688c5c0 _log10_special 8 API calls 18082 7ff7868939f3 18080->18082 18081->18075 18082->18026 18083->18075 18084->18080 18133 7ff786890d84 18085->18133 18089 7ff786893f96 18088->18089 18090 7ff786890bf0 12 API calls 18089->18090 18091 7ff786893fde 18090->18091 18092 7ff78689e5e0 46 API calls 18091->18092 18093 7ff7868940b1 18092->18093 18094 7ff786894830 45 API calls 18093->18094 18096 7ff7868940d3 18093->18096 18094->18096 18095 7ff78689415c 18095->18053 18096->18095 18097 7ff786894830 45 API calls 18096->18097 18097->18095 18099 7ff7868944b0 18098->18099 18100 7ff786894448 18098->18100 18099->18053 18100->18099 18101 7ff78689e8c8 47 API calls 18100->18101 18101->18099 18104 7ff786891bf3 18102->18104 18103 7ff786891c22 18105 7ff786890bf0 12 API calls 18103->18105 18108 7ff786891c5f 18103->18108 18104->18103 18106 7ff786891cdf 18104->18106 18105->18108 18107 7ff78689a884 _invalid_parameter_noinfo 37 API calls 18106->18107 18107->18108 18108->18053 18110 7ff7868917e3 18109->18110 18111 7ff786891812 18110->18111 18113 7ff7868918cf 18110->18113 18112 7ff786890bf0 12 API calls 18111->18112 18115 7ff78689184f 18111->18115 18112->18115 18114 7ff78689a884 _invalid_parameter_noinfo 37 API calls 18113->18114 18114->18115 18115->18053 18117 7ff786892003 18116->18117 18118 7ff786892032 18117->18118 18120 7ff7868920ef 18117->18120 18119 7ff786890bf0 12 API calls 18118->18119 18122 
7ff78689206f 18118->18122 18119->18122 18121 7ff78689a884 _invalid_parameter_noinfo 37 API calls 18120->18121 18121->18122 18122->18053 18124 7ff78689e8f0 18123->18124 18125 7ff78689e935 18124->18125 18127 7ff786894830 45 API calls 18124->18127 18129 7ff78689e8f5 __scrt_get_show_window_mode 18124->18129 18132 7ff78689e91e __scrt_get_show_window_mode 18124->18132 18128 7ff7868a0858 WideCharToMultiByte 18125->18128 18125->18129 18125->18132 18126 7ff78689a884 _invalid_parameter_noinfo 37 API calls 18126->18129 18127->18125 18130 7ff78689ea11 18128->18130 18129->18053 18130->18129 18131 7ff78689ea26 GetLastError 18130->18131 18131->18129 18131->18132 18132->18126 18132->18129 18134 7ff786890db1 18133->18134 18135 7ff786890dc3 18133->18135 18136 7ff786894f78 _get_daylight 11 API calls 18134->18136 18137 7ff786890dd0 18135->18137 18141 7ff786890e0d 18135->18141 18138 7ff786890db6 18136->18138 18139 7ff78689a884 _invalid_parameter_noinfo 37 API calls 18137->18139 18140 7ff78689a950 _invalid_parameter_noinfo 37 API calls 18138->18140 18145 7ff786890dc1 18139->18145 18140->18145 18142 7ff786890eb6 18141->18142 18143 7ff786894f78 _get_daylight 11 API calls 18141->18143 18144 7ff786894f78 _get_daylight 11 API calls 18142->18144 18142->18145 18146 7ff786890eab 18143->18146 18147 7ff786890f60 18144->18147 18145->18026 18148 7ff78689a950 _invalid_parameter_noinfo 37 API calls 18146->18148 18149 7ff78689a950 _invalid_parameter_noinfo 37 API calls 18147->18149 18148->18142 18149->18145 18154 7ff78689ecad 18150->18154 18151 7ff78689ecb2 18152 7ff78689524d 18151->18152 18153 7ff786894f78 _get_daylight 11 API calls 18151->18153 18152->17997 18152->18004 18155 7ff78689ecbc 18153->18155 18154->18151 18154->18152 18157 7ff78689ecfc 18154->18157 18156 7ff78689a950 _invalid_parameter_noinfo 37 API calls 18155->18156 18156->18152 18157->18152 18158 7ff786894f78 _get_daylight 11 API calls 18157->18158 18158->18155 18160 7ff7868887a1 GetTokenInformation 18159->18160 18163 7ff786888823 
__std_exception_copy 18159->18163 18161 7ff7868887c2 GetLastError 18160->18161 18162 7ff7868887cd 18160->18162 18161->18162 18161->18163 18162->18163 18166 7ff7868887e9 GetTokenInformation 18162->18166 18164 7ff786888836 CloseHandle 18163->18164 18165 7ff78688883c 18163->18165 18164->18165 18165->17322 18166->18163 18167 7ff78688880c 18166->18167 18167->18163 18168 7ff786888816 ConvertSidToStringSidW 18167->18168 18168->18163 18170 7ff78688c8c0 18169->18170 18171 7ff786882b74 GetCurrentProcessId 18170->18171 18172 7ff7868826b0 48 API calls 18171->18172 18173 7ff786882bc7 18172->18173 18174 7ff786894c48 48 API calls 18173->18174 18175 7ff786882c10 MessageBoxW 18174->18175 18176 7ff78688c5c0 _log10_special 8 API calls 18175->18176 18177 7ff786882c40 18176->18177 18177->17330 18179 7ff7868825e5 18178->18179 18180 7ff786894c48 48 API calls 18179->18180 18181 7ff786882604 18180->18181 18181->17348 18227 7ff786898804 18182->18227 18186 7ff7868881cc 18185->18186 18187 7ff786889400 2 API calls 18186->18187 18188 7ff7868881eb 18187->18188 18189 7ff7868881f3 18188->18189 18190 7ff786888206 ExpandEnvironmentStringsW 18188->18190 18191 7ff786882810 49 API calls 18189->18191 18192 7ff78688822c __std_exception_copy 18190->18192 18197 7ff7868881ff __std_exception_copy 18191->18197 18193 7ff786888230 18192->18193 18194 7ff786888243 18192->18194 18196 7ff786882810 49 API calls 18193->18196 18199 7ff7868882af 18194->18199 18200 7ff786888251 GetDriveTypeW 18194->18200 18195 7ff78688c5c0 _log10_special 8 API calls 18198 7ff78688839f 18195->18198 18196->18197 18197->18195 18198->17346 18217 7ff7868982a8 18198->18217 18201 7ff786897e78 45 API calls 18199->18201 18204 7ff7868882a0 18200->18204 18205 7ff786888285 18200->18205 18203 7ff7868882c1 18201->18203 18206 7ff7868882c9 18203->18206 18210 7ff7868882dc 18203->18210 18350 7ff7868979dc 18204->18350 18207 7ff786882810 49 API calls 18205->18207 18209 7ff786882810 49 API calls 18206->18209 18207->18197 18209->18197 18211 7ff78688833e 
calls 16546->16547 16548 7ff7868a3383 16547->16548 16549 7ff7868a33ce 16548->16549 16558 7ff7868a0348 EnterCriticalSection 16548->16558 16549->16539 16560 7ff78689b1c0 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 16559->16560 16561 7ff7868a26c9 16560->16561 16563 7ff7868a2189 GetCPInfo 16562->16563 16564 7ff7868a227f 16562->16564 16563->16564 16570 7ff7868a219c 16563->16570 16565 7ff78688c5c0 _log10_special 8 API calls 16564->16565 16567 7ff7868a231e 16565->16567 16567->16505 16573 7ff7868a2eb0 16570->16573 16574 7ff786894fbc 45 API calls 16573->16574 16575 7ff7868a2ef2 16574->16575 16593 7ff78689f910 16575->16593 16595 7ff78689f919 MultiByteToWideChar 16593->16595 16650 7ff7868993b9 16649->16650 16651 7ff78689951d 16649->16651 16650->16432 16652 7ff786899546 16651->16652 16653 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16651->16653 16654 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16652->16654 16653->16651 16654->16650 16656 7ff7868a6331 16655->16656 16657 7ff7868a6348 16655->16657 16658 7ff786894f78 _get_daylight 11 API calls 16656->16658 16657->16656 16661 7ff7868a6356 16657->16661 16659 7ff7868a6336 16658->16659 16660 7ff78689a950 _invalid_parameter_noinfo 37 API calls 16659->16660 16663 7ff7868a6341 16660->16663 16662 7ff786894fbc 45 API calls 16661->16662 16661->16663 16662->16663 16663->16184 16665 7ff786894fbc 45 API calls 16664->16665 16666 7ff7868a8fe1 16665->16666 16669 7ff7868a8c38 16666->16669 16671 7ff7868a8c86 16669->16671 16670 7ff78688c5c0 _log10_special 8 API calls 16672 7ff7868a7275 16670->16672 16673 7ff7868a8d0d 16671->16673 16675 7ff7868a8cf8 GetCPInfo 16671->16675 16676 7ff7868a8d11 16671->16676 16672->16184 16672->16210 16674 7ff78689f910 _fread_nolock MultiByteToWideChar 16673->16674 16673->16676 16677 7ff7868a8da5 16674->16677 16675->16673 16675->16676 16676->16670 16677->16676 16678 7ff78689d66c _fread_nolock 12 API calls 16677->16678 16679 7ff7868a8ddc 16677->16679 
16678->16679 16679->16676 16680 7ff78689f910 _fread_nolock MultiByteToWideChar 16679->16680 16681 7ff7868a8e4a 16680->16681 16682 7ff7868a8f2c 16681->16682 16683 7ff78689f910 _fread_nolock MultiByteToWideChar 16681->16683 16682->16676 16684 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16682->16684 16685 7ff7868a8e70 16683->16685 16684->16676 16685->16682 16686 7ff78689d66c _fread_nolock 12 API calls 16685->16686 16687 7ff7868a8e9d 16685->16687 16686->16687 16687->16682 16688 7ff78689f910 _fread_nolock MultiByteToWideChar 16687->16688 16689 7ff7868a8f14 16688->16689 16690 7ff7868a8f34 16689->16690 16691 7ff7868a8f1a 16689->16691 16698 7ff78689efd8 16690->16698 16691->16682 16694 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16691->16694 16694->16682 16695 7ff7868a8f73 16695->16676 16697 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16695->16697 16696 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16696->16695 16697->16676 16699 7ff78689ed80 __crtLCMapStringW 5 API calls 16698->16699 16700 7ff78689f016 16699->16700 16701 7ff78689f01e 16700->16701 16702 7ff78689f240 __crtLCMapStringW 5 API calls 16700->16702 16701->16695 16701->16696 16703 7ff78689f087 CompareStringW 16702->16703 16703->16701 16705 7ff7868a7cb1 16704->16705 16706 7ff7868a7cca HeapSize 16704->16706 16707 7ff786894f78 _get_daylight 11 API calls 16705->16707 16708 7ff7868a7cb6 16707->16708 16709 7ff78689a950 _invalid_parameter_noinfo 37 API calls 16708->16709 16710 7ff7868a7cc1 16709->16710 16710->16215 16712 7ff7868a7d03 16711->16712 16713 7ff7868a7cf9 16711->16713 16715 7ff7868a7d08 16712->16715 16722 7ff7868a7d0f _get_daylight 16712->16722 16714 7ff78689d66c _fread_nolock 12 API calls 16713->16714 16718 7ff7868a7d01 16714->16718 16719 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16715->16719 16716 7ff7868a7d42 HeapReAlloc 16716->16718 16716->16722 16717 
7ff7868a7d15 16720 7ff786894f78 _get_daylight 11 API calls 16717->16720 16718->16219 16719->16718 16720->16718 16721 7ff7868a3600 _get_daylight 2 API calls 16721->16722 16722->16716 16722->16717 16722->16721 16724 7ff78689ed80 __crtLCMapStringW 5 API calls 16723->16724 16725 7ff78689efb4 16724->16725 16725->16224 16727 7ff786895546 16726->16727 16728 7ff78689556a 16726->16728 16732 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16727->16732 16733 7ff786895555 16727->16733 16729 7ff78689556f 16728->16729 16730 7ff7868955c4 16728->16730 16729->16733 16734 7ff786895584 16729->16734 16736 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16729->16736 16731 7ff78689f910 _fread_nolock MultiByteToWideChar 16730->16731 16741 7ff7868955e0 16731->16741 16732->16733 16733->16227 16733->16228 16737 7ff78689d66c _fread_nolock 12 API calls 16734->16737 16735 7ff7868955e7 GetLastError 16748 7ff786894eec 16735->16748 16736->16734 16737->16733 16739 7ff78689f910 _fread_nolock MultiByteToWideChar 16742 7ff786895666 16739->16742 16741->16735 16744 7ff78689a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16741->16744 16746 7ff786895615 16741->16746 16747 7ff786895622 16741->16747 16742->16733 16742->16735 16743 7ff786894f78 _get_daylight 11 API calls 16743->16733 16744->16746 16745 7ff78689d66c _fread_nolock 12 API calls 16745->16747 16746->16745 16747->16733 16747->16739 16749 7ff78689b338 _get_daylight 11 API calls 16748->16749 16750 7ff786894ef9 Concurrency::details::SchedulerProxy::DeleteThis 16749->16750 16751 7ff78689b338 _get_daylight 11 API calls 16750->16751 16752 7ff786894f1b 16751->16752 16752->16743 20540 7ff7868aae6e 20541 7ff7868aae87 20540->20541 20542 7ff7868aae7d 20540->20542 20544 7ff7868a03a8 LeaveCriticalSection 20542->20544 19689 7ff7868aadd9 19692 7ff7868954e8 LeaveCriticalSection 19689->19692 19902 7ff78689c590 19913 7ff7868a0348 EnterCriticalSection 19902->19913 20561 7ff786895480 20562 
7ff78689548b 20561->20562 20570 7ff78689f314 20562->20570 20583 7ff7868a0348 EnterCriticalSection 20570->20583 16963 7ff78689f9fc 16964 7ff78689fbee 16963->16964 16967 7ff78689fa3e _isindst 16963->16967 16965 7ff786894f78 _get_daylight 11 API calls 16964->16965 16983 7ff78689fbde 16965->16983 16966 7ff78688c5c0 _log10_special 8 API calls 16968 7ff78689fc09 16966->16968 16967->16964 16969 7ff78689fabe _isindst 16967->16969 16984 7ff7868a6204 16969->16984 16974 7ff78689fc1a 16976 7ff78689a970 _isindst 17 API calls 16974->16976 16978 7ff78689fc2e 16976->16978 16981 7ff78689fb1b 16981->16983 17008 7ff7868a6248 16981->17008 16983->16966 16985 7ff7868a6213 16984->16985 16988 7ff78689fadc 16984->16988 17015 7ff7868a0348 EnterCriticalSection 16985->17015 16990 7ff7868a5608 16988->16990 16991 7ff7868a5611 16990->16991 16995 7ff78689faf1 16990->16995 16992 7ff786894f78 _get_daylight 11 API calls 16991->16992 16993 7ff7868a5616 16992->16993 16994 7ff78689a950 _invalid_parameter_noinfo 37 API calls 16993->16994 16994->16995 16995->16974 16996 7ff7868a5638 16995->16996 16997 7ff7868a5641 16996->16997 17001 7ff78689fb02 16996->17001 16998 7ff786894f78 _get_daylight 11 API calls 16997->16998 16999 7ff7868a5646 16998->16999 17000 7ff78689a950 _invalid_parameter_noinfo 37 API calls 16999->17000 17000->17001 17001->16974 17002 7ff7868a5668 17001->17002 17003 7ff7868a5671 17002->17003 17004 7ff78689fb13 17002->17004 17005 7ff786894f78 _get_daylight 11 API calls 17003->17005 17004->16974 17004->16981 17006 7ff7868a5676 17005->17006 17007 7ff78689a950 _invalid_parameter_noinfo 37 API calls 17006->17007 17007->17004 17016 7ff7868a0348 EnterCriticalSection 17008->17016

Control-flow Graph

[Control-flow graph for code range 7ff786888bd0-7ff786888d16 not reproduced; legend: Executed / Not Executed]

Memory Dump Source
• Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: 438da8d0c0de37b86482c8b13a192400b1c9f3c284d2a92ccb293e5260d435ca
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: 5CD1A531A08B82A6E710AF35EC542ABB761FF84B59FA00235DE5D47694DF3CD964C710

Control-flow Graph

[Control-flow graph for code range 7ff786881000-7ff786883806 not reproduced; legend: Executed / Not Executed]

Memory Dump Source
• Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: 221ee4957dd18ffe06ee3afddcba002a7644656f480b66111b2d55fc76433b33
                                                                                                                                                                                                                                • Instruction ID: 7997b903bcd1d4eed58883a138d33c9e5965fdff2f3ff563d0f4a66b698a1807
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 221ee4957dd18ffe06ee3afddcba002a7644656f480b66111b2d55fc76433b33
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76328061A0868276FA25BB65DC543BBA691BF48B80FE44035DA5D432C2EF2CED74C321

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5CB5
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868A5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868A561C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9CE
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: GetLastError.KERNEL32(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9D8
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF78689A94F,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689A979
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF78689A94F,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689A99E
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5CA4
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868A5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868A567C
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F1A
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F2B
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F3C
                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7868A617C), ref: 00007FF7868A5F63
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                                • Instruction ID: f269eb636b40f83b90217a0a694437bb284b441e3b7b8fbbe173de4a4873b2e5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDD1E522A0820266E721BF22DC515BBA752FF44795FE48135DE0D47A85EF3CECA1C362

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1617910340-0
                                                                                                                                                                                                                                • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                • Instruction ID: 3171dfbe549b8d5a575667b336bac2fc80750441a655accd573b209428e1d0c9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42C10432B28A4295EB10EF66C8906AE7761F748B98F615235DF2E573D4DF38E861C310

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F1A
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868A5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868A567C
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F2B
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868A5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868A561C
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F3C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868A5638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868A564C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9CE
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: GetLastError.KERNEL32(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9D8
                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7868A617C), ref: 00007FF7868A5F63
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                                • Instruction ID: d85df6983de4796410c255be07c94f9412824f40e8ee58feaf04f3c59d629aad
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF51C631A08642A6E750FF32EC915ABE761BB48785FE04135DE0D43A96DF3CE8A1C761
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                • Instruction ID: b1332d000ec5f340ea4a1df85e41ec7272790a3c7aa0ed4c4a4cae79f870e271
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95F06822A1874296FB609B64B849777B350FB84764F941335D96D02AD4DF3CD869CB10
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1010374628-0
                                                                                                                                                                                                                                • Opcode ID: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                                                • Instruction ID: e46cd28029d3678a396474e12fa5e81059154fd499b2ddbecbc7173e0ab1010f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C02CF21A1D64261FA60BB129C1127BA680BF45BA9FF54634DD6D463D2EE3DFC31C322

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786887F80: _fread_nolock.LIBCMT ref: 00007FF78688802A
                                                                                                                                                                                                                                • _fread_nolock.LIBCMT ref: 00007FF786881A1B
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF786881B6A), ref: 00007FF78688295E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                • Opcode ID: f8096cce2067d15cebc3bdaacbdc60c8b6a2e1e4d6ea3146b715ff88ef4c1dca
                                                                                                                                                                                                                                • Instruction ID: 5d3eeb9d97ec27f1a87f5db144c8365455cd6b26130d5cfdf597f18d37084262
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8096cce2067d15cebc3bdaacbdc60c8b6a2e1e4d6ea3146b715ff88ef4c1dca
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7281C571A1C683A9E720EB15D8406BBA3A2FF44B84FE04035D98D47786EE3CED65C760

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                • Opcode ID: e33f210c217a6ffcc68d29fe46a5e37371bf7e5689aecd108357e4c1f5d99a01
                                                                                                                                                                                                                                • Instruction ID: 1ffdf0340a463e01c4bc35ad65cebf53aa21542038603b3c6465b969e06ec171
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e33f210c217a6ffcc68d29fe46a5e37371bf7e5689aecd108357e4c1f5d99a01
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3151AE21B18643A6EA10BB129C015ABE3A1BF44B94FE44135EE8C47796EF3CFD65C760

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(?,?,00000000,00007FF786883CBB), ref: 00007FF7868888F4
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000000,00007FF786883CBB), ref: 00007FF7868888FA
                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,00007FF786883CBB), ref: 00007FF78688893C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888A20: GetEnvironmentVariableW.KERNEL32(00007FF78688388E), ref: 00007FF786888A57
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF786888A79
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868982A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868982C1
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882810: MessageBoxW.USER32 ref: 00007FF7868828EA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                                                • Instruction ID: e80f85e9115bd43bfd1e125a96ca807e243bdb7f044dfdcdd7aec694fa0634d8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0241A351A1864365FA20FB66AC552BB9291BF88B84FE00031DD0D4B7D6EE3CED21C721

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                • Opcode ID: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                                                • Instruction ID: 48d92ab5e57d2e909a0196a2dc40c0e968f3a15ec074bb16271c88c7a2ad4f37
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E751D222A1864365E660BB12AC103BBE291BF85B98FE44135ED8D477D5EF3CED21C720

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00007FF786883804), ref: 00007FF7868836E1
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF786883804), ref: 00007FF7868836EB
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF786883706,?,00007FF786883804), ref: 00007FF786882C9E
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF786883706,?,00007FF786883804), ref: 00007FF786882D63
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882C50: MessageBoxW.USER32 ref: 00007FF786882D99
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                • Instruction ID: b959de0d5084b33c3ffb6be68ab4057664d1f31ce870a0e2ad482121e6d76bce
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F21A751B1C642B5FE20B725EC113B7A361BF88B55FE00132D95E825D5EE2CED25C361

                                                                                                                                                                                                                                Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
• Instruction ID: 3fe11dfb4f17d52e7ca9e7b3a904445dc9338b43c0ac86570b593e5a383f281f
• Opcode Fuzzy Hash: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
• Instruction Fuzzy Hash: 65C1B52290C686A9E751AB1598402BFA766FF81B84FF54131EA4E037D1EE7CFC65C720

APIs
Similarity
• API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
• String ID:
• API String ID: 995526605-0
• Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
• Instruction ID: 737e1cc9e312d5382d2dd48a68685e994e9840502e45c352efb8c21d7b852d4f
• Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
• Instruction Fuzzy Hash: B5219131A0C64352EB10AB55F85023BE7A1FF85BA1FA00235EAAD47AE4DF7CD864C710

APIs
  • Part of subcall function 00007FF786888760: GetCurrentProcess.KERNEL32 ref: 00007FF786888780
  • Part of subcall function 00007FF786888760: OpenProcessToken.ADVAPI32 ref: 00007FF786888793
  • Part of subcall function 00007FF786888760: GetTokenInformation.KERNELBASE ref: 00007FF7868887B8
  • Part of subcall function 00007FF786888760: GetLastError.KERNEL32 ref: 00007FF7868887C2
  • Part of subcall function 00007FF786888760: GetTokenInformation.KERNELBASE ref: 00007FF786888802
  • Part of subcall function 00007FF786888760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF78688881E
  • Part of subcall function 00007FF786888760: CloseHandle.KERNEL32 ref: 00007FF786888836
• LocalFree.KERNEL32(?,00007FF786883C55), ref: 00007FF78688916C
• LocalFree.KERNEL32(?,00007FF786883C55), ref: 00007FF786889175
Strings
Similarity
• API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
• String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
• API String ID: 6828938-1529539262
• Opcode ID: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
• Instruction ID: ef3bf6fad5dbd0aa3349c71074ff84d0aa20490984f6e11aa704c6540b5942df
• Opcode Fuzzy Hash: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
• Instruction Fuzzy Hash: FA214F25A08742A5FA10BB11ED153EBA265FF84B80FE44031EA4D53B86DF3CEC15C760

APIs
• CreateDirectoryW.KERNELBASE(00000000,?,00007FF78688352C,?,00000000,00007FF786883F23), ref: 00007FF786887F22
Strings
Similarity
• API ID: CreateDirectory
• String ID: %.*s$%s%c$\
• API String ID: 4241100979-1685191245
• Opcode ID: 8ca7fb79b4ea6b2c566bb37e9ebd00ba932afb87f6e77ad964f7d4209dd14296
• Instruction ID: 0e615587edf77ffd1bd11e1794e7ee4dbe2f48831fa020e9eafb92a69419043b
• Opcode Fuzzy Hash: 8ca7fb79b4ea6b2c566bb37e9ebd00ba932afb87f6e77ad964f7d4209dd14296
• Instruction Fuzzy Hash: 2831D821619AC165EA21AB11EC507EBA364FF94FE4F940231EE6D43BC9DE2CDA11C710

APIs
• GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78689CFBB), ref: 00007FF78689D0EC
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78689CFBB), ref: 00007FF78689D177
Similarity
• API ID: ConsoleErrorLastMode
• String ID:
• API String ID: 953036326-0
• Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
• Instruction ID: 314405e92c54fe47af876ef52776881fa842567d37adf484145b950fdbd80306
• Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
• Instruction Fuzzy Hash: 5E910E32F18A51A5F750AF659C4027EABA0BB45788FB44135DE0D53686EE3CFC62CB24
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4170891091-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2780335769-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279662727-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3251591375-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                                                                                                                • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                • Instruction ID: 2dbfb5474d542de2611190ac62ffe3654f8399c72199d0216cb257f0209406b1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2711E761718B8191DA10AB25AC1426AE361BB45BF4FB44331EE7D4B7D9DF7CE821C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7868958A9), ref: 00007FF7868959C7
                                                                                                                                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7868958A9), ref: 00007FF7868959DD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1707611234-0
                                                                                                                                                                                                                                • Opcode ID: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                                                • Instruction ID: 8ace470f172627c7f2821f3faac3b785b6b8a0c00cd256615bad490d332f231c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C11A37261C61292EB54AB51A84113FF7A0FB84771FA00235FADD819D8FF6CE824CB20
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9CE
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9D8
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 485612231-0
                                                                                                                                                                                                                                • Opcode ID: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                                                • Instruction ID: 774ea465db3869487028056138b5d626f31bcc8fa99dad765c66b46427e2cb87
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84E04F10E1860267FF147BB29C5513B92517F88741FA50030C81D422A1EE2CBCA5C320
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(?,?,?,00007FF78689AA45,?,?,00000000,00007FF78689AAFA), ref: 00007FF78689AC36
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF78689AA45,?,?,00000000,00007FF78689AAFA), ref: 00007FF78689AC40
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 918212764-0
                                                                                                                                                                                                                                • Opcode ID: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                                                • Instruction ID: 0a7110f359e1e6a0c7f033f335cff42f2b88689ea5dfbc941ec59c8e950b9473
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4321A411B1C64261EE9077619C9027B9292BF847A4FB84235DA1E4B3C1EE6CFC65C320
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: 77f2f9c0c3853e5df4dc99a11e1b25eaa2aec769d06f52d5773e5caefc843251
                                                                                                                                                                                                                                • Instruction ID: 8997ef36e8d08448af129c917bb73bba53ee60a7b9851b75f2aa102892bb567e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77f2f9c0c3853e5df4dc99a11e1b25eaa2aec769d06f52d5773e5caefc843251
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E41D6329082019BEB34AB16A94427BB3A5FB55B54FB00131DA8E436D1EF6DFC52CB71
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _fread_nolock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 840049012-0
                                                                                                                                                                                                                                • Opcode ID: c7509c5c59c4a666db98ff03363a6938e2dccbe5af1fc5850b6eda6e7b6e2098
                                                                                                                                                                                                                                • Instruction ID: a0401811d907a02e121748e563ddec2030a19939cd3a8e8091dad5b2dace5c1f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7509c5c59c4a666db98ff03363a6938e2dccbe5af1fc5850b6eda6e7b6e2098
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C121D661B49652A5FA20BA226D043BBE691BF45FD8FEC4430EE0D0F786DE7DE851C610
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                                                • Instruction ID: acd5d908dae84a6d84db828dae075d3e50ca6577d6f35f8a44f019e429683827
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FCE0ECA0E18A07A6F6143AE44D8217B91107F5A344FF15870EA0C1A2C3FEBD7C69D631
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,00000000,00007FF78689B39A,?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA), ref: 00007FF78689EC5D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                                • Opcode ID: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                                                • Instruction ID: d9d8ed657a9068b35c4e0db45b499d1f2434a4b39ec4de4383699b30913f19ff
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 96F03C50B1960766FE547A626C652B78A817F45B84FAC5430D94E86391FD5CFCB1C230
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF786890D00,?,?,?,00007FF78689236A,?,?,?,?,?,00007FF786893B59), ref: 00007FF78689D6AA
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                                • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                • Instruction ID: 017bc7437dd84b26760dbd645b9478d37f1b666bfec2f0458e8ff71825126909
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26F03A14A0DB0265FE5676625C1127AA2907F957A0FA84230DE2E853C2EE6CBC60C974
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885830
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885842
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885879
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF78688588B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868858A4
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868858B6
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868858CF
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868858E1
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868858FD
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF78688590F
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF78688592B
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF78688593D
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885959
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF78688596B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885987
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885999
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868859B5
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868859C7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                • API String ID: 199729137-653951865
                                                                                                                                                                                                                                • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                                                • Instruction ID: ce75427a784e0e5f74f45ae2c3caa6ddfef49f28481a8729d3e78feca5847dff
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34229524A49B47B5FA95BB56AD50277A3A1BF04B56FE41035CC1E02360EF7CED78C222
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                • Opcode ID: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                                                • Instruction ID: 0c0383e953bc31c05e5e85539a9e7f1421ecc1f2729aa4c8509a2e75dcd0c27a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6AB23972E182829BEB259F66D9407FEB3A1FB44349FA01135DE0D57A84DB38ED20CB51
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF78688841B
                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF78688849E
                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF7868884BD
                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF7868884CB
                                                                                                                                                                                                                                • FindClose.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF7868884DC
                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF7868884E5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                • String ID: %s\*
                                                                                                                                                                                                                                • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                • Opcode ID: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                                                • Instruction ID: ded52e21894fb40567f0cd365215e39380ed7354b0157a87048cd12689cfa2aa
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF41A062A0C943A5EA30BB21EC445BBA3A5FF94B50FE00232D99D466C4DF3CED56C720
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                • API String ID: 0-2665694366
                                                                                                                                                                                                                                • Opcode ID: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                                                • Instruction ID: b2a640164f3b62e2c95abf0fa394c15fa7ce7200fc3421e56d7e19c41bd49079
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30521872A146AA9BD7A49F14C858B7E7BAAFB84740F514138EA4E877C0DB3CDC50CB10
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                                                                                                                • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                                • Instruction ID: 9d75b1113054d2fb331f7db43c923384e283103b4617b015ac9b0d72fb6b7c38
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21315372608B819AEB609F61EC803EEB361FB88745F94403ADA4D47B95DF3CD958C720
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                                                                                                                • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                                • Instruction ID: 6d4fd482c85bd7a40884fcf087a0e9f48c4e323a183cd58a4507cfbaac2abe28
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10316436618B8196D760DF25EC402AFB3A4FB88754FA40136EA8D43B58EF3CD555CB10
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2227656907-0
                                                                                                                                                                                                                                • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                                                • Instruction ID: 64cdd60047b320c9d8144e239ccdc5194dddd32b31bbcd7269d75422acd347b7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CB1A422B1869251EA60AB629D001BBE3A1FB44BE5FE45131DE9D17BC5EF3CEC61C311
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy_s
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1502251526-0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                • API String ID: 0-1127688429
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 15204871-0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: $
                                                                                                                                                                                                                                • API String ID: 0-227171996
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                • API String ID: 0-900081337
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: e+000$gfff
                                                                                                                                                                                                                                • API String ID: 0-3030954782
                                                                                                                                                                                                                                • Opcode ID: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                                                • Instruction ID: da0a4528f1acf0918644227ddc71ae9b8ebb17a0b6b11de3fccaeb408351a44f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C517822B182C196E7249F35AC0476AAB91FB45B94F988231CB6C47BC5EF7DF860C710
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: gfffffff
                                                                                                                                                                                                                                • API String ID: 0-1523873471
                                                                                                                                                                                                                                • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                                                • Instruction ID: 4330eeb9c57840510109d03545963bd394c63e9c83fcc12e02ae540534c655b5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1A15763A08BC557EB21DF25A8007AEBB91BB60784F648031DE4D47786EE3DE911CB11
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: TMP
                                                                                                                                                                                                                                • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                • Opcode ID: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                                                • Instruction ID: ad08a999505ad21c631f92863c10ae197dd893a9a037fd6b8e9e1a575324bc03
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B519D51B1824361FA68BA265D1157BD2907F84B84FE84834DE5E5BBD6FE3CFC22C221
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: HeapProcess
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 54951025-0
                                                                                                                                                                                                                                • Opcode ID: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                                                • Instruction ID: aa8ed0308c7bbf8059025c88422e8e4e6301d19afe34747937e865fe1388f7e0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5B09B10E07701D6ED443B115C8211552557F4C711FE40135C40C40330DE2C18F59711
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                                                • Instruction ID: 79f4902ad5b81cd101b2d800d6549244f944e77607aec1666c379964acd4c124
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ECD1D966A08642A7EB29AE35885023FA3A1FB45B48FB44135CE0D57794EF39FC61C360
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                                                • Instruction ID: 247b0f545d2a8bf5ba25001a2d808a84ce0762621efce147a3a6843e7ae38d02
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6FC17E762181E08BD289EB29E86947A73D1F78930DBE5406BEF87477C5C73CA514DB20
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                                                • Instruction ID: 945395379e2b5b1fc39887eaf3ccb5e8470c2ff5ddfb893f71c229c56e6f37b7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5FB1CF32A2878595E7649F39C8A113EFBA0FB09B48FB40135CA4D47395EF79E861C760
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 73948b09e9837a821f5a3b4bbb106c60bdc2a86aaa707f45330964650836ebfe
                                                                                                                                                                                                                                • Instruction ID: 5e02df510544ed641897147e5054dded83d312174f288a56aceaca45a148ea6e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73948b09e9837a821f5a3b4bbb106c60bdc2a86aaa707f45330964650836ebfe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1081F372A0878157E7789B19A84437BAA91FF45794FA44235DB8D03B95EE3DE820CB10
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                                                • Instruction ID: 7f36479acb04e549c12ad20c9a57d3a71227acb3d706b00e78456196661687f7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C51B436A1C65196E7689B28C84023EA3A1FB44F58FB44031CE8C27794EF3AFC62D750
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                                                • Instruction ID: 92c66b8d27857acaf87ad5c6a55cea389c1119e3e6820f102335f05cc34dccd7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B51C232A2865195E7249B29C86123AF7A0FB45B58FB44131CE4C177A8EF3AFC62C750
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                                                • Instruction ID: c5bc2752484bb5d623913bd6faa8010a9e71041da6f643564cc157c746e1c641
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D9519036A1CA5196E7249B29C84023AA7A1FB45B5CFB44131CE8D177A4EF3AFC63C750
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                • Instruction ID: a0a6e9bc1f243306bd549244cd557697445bd151498603a594fc8341caeed5fc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C441C66280964A64E96799280D046BED780BF62BF4DF812B0DC9D533C6FD1D3DA7C123
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 485612231-0
                                                                                                                                                                                                                                • Opcode ID: 4700cc90785079b7bb7a0602c46334a4ae9c6cdcc1bc7f68a8ec9cd099c19dcc
                                                                                                                                                                                                                                • Instruction ID: 1a8dafd108c8552e652ad209780fc75d938eed8558a29685090b91314255375e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4700cc90785079b7bb7a0602c46334a4ae9c6cdcc1bc7f68a8ec9cd099c19dcc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF41F422714A5592EF04DF2AED1416AB3A1BB48FD0F999032EE0D97B54EE3DD852C300
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Memory Dump Source
• Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786889400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7868845E4,00000000,00007FF786881985), ref: 00007FF786889439
                                                                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7868888A7,?,?,00000000,00007FF786883CBB), ref: 00007FF78688821C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882810: MessageBoxW.USER32 ref: 00007FF7868828EA
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                • String ID: P%
                                                                                                                                                                                                                                • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: -$:$f$p$p
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: f$f$p$p$f
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                                • API String ID: 849930591-393685449
                                                                                                                                                                                                                                • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                                                • Instruction ID: 0175cd00535e90fe6745a9ce39f04f2b9fc869f4c5c34bff979055195bc0ce8e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BBD19232A0874197EB20EF65E8443AEB7A0FB55B98F600135EE4D57B96DF38E860C710
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF78689F11A,?,?,000002162E2E8B68,00007FF78689ADC3,?,?,?,00007FF78689ACBA,?,?,?,00007FF786895FAE), ref: 00007FF78689EEFC
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF78689F11A,?,?,000002162E2E8B68,00007FF78689ADC3,?,?,?,00007FF78689ACBA,?,?,?,00007FF786895FAE), ref: 00007FF78689EF08
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                                                • Instruction ID: 09e59fd32b45a94c5035fa03d43adf9da5d58995c333a2338ba9b2e39a59e429
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB41B321B19A1266EA15EB16AC0857BA791BF48B90FE84539DD1D47784EE3CFC25C320
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF786883706,?,00007FF786883804), ref: 00007FF786882C9E
                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF786883706,?,00007FF786883804), ref: 00007FF786882D63
                                                                                                                                                                                                                                • MessageBoxW.USER32 ref: 00007FF786882D99
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                • Opcode ID: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                                                • Instruction ID: 354b0d2f2e59e7d0e6090f44bfe78338ae979c7e36ff76cea8f0748642dfb16d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE310822708B4166E720BB21BC106ABA692BF88BC9F900135EF4D93759EF3CD916C310
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF78688DFEA,?,?,?,00007FF78688DCDC,?,?,?,00007FF78688D8D9), ref: 00007FF78688DDBD
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF78688DFEA,?,?,?,00007FF78688DCDC,?,?,?,00007FF78688D8D9), ref: 00007FF78688DDCB
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF78688DFEA,?,?,?,00007FF78688DCDC,?,?,?,00007FF78688D8D9), ref: 00007FF78688DDF5
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF78688DFEA,?,?,?,00007FF78688DCDC,?,?,?,00007FF78688D8D9), ref: 00007FF78688DE63
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF78688DFEA,?,?,?,00007FF78688DCDC,?,?,?,00007FF78688D8D9), ref: 00007FF78688DE6F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                • Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                                                • Instruction ID: bd9e8b975e1c356c54e31faf7cc674de7d6d5d3142161216ff9d617bde7497ae
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C316121B1AA42A5EE52AB12AC00576E394FF58FA0FB94535ED1D47784EF3CE864C720
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                • Opcode ID: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                                                                • Instruction ID: 8e6d736b6a036913ec27039f631ad4c470e59d33526330c51c9a70b3410b52a9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87418321A18687B1EA21FB25E8152EBA361FF54740FE00132DA5D43695EF3CED65C361
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF78688351A,?,00000000,00007FF786883F23), ref: 00007FF786882AA0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                                • Instruction ID: 75da2a18e35ea2fbdc216ba120d0993621886b892c6cd49cdd0867d5e8c4c1ca
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE218132A18782A6E720EB51BC817E7A7A4FB887C4F900132EE8D53659DF3CDA55C750
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                • Opcode ID: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                                                • Instruction ID: e68434411429e203eee3280b112217bf10f4a093fff05d38d5bed55016097dac
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28216020E0C2466AF66877A15E5513FE142BF487A0FB44634E83E06AD6EE3CBC20C320
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                • String ID: CONOUT$
                                                                                                                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                • Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                                                • Instruction ID: fba6de0e6791b03a0d2e21769cdaaa59ae50f350ebfe17d143e8542a6c8ca807
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08118121B18A419AE350AB52FC5432AA7A5FB88FE5FA00234EE5D87794DF3CDC24C751
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF786889216), ref: 00007FF786888592
                                                                                                                                                                                                                                • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF786889216), ref: 00007FF7868885E9
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786889400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7868845E4,00000000,00007FF786881985), ref: 00007FF786889439
                                                                                                                                                                                                                                • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF786889216), ref: 00007FF786888678
                                                                                                                                                                                                                                • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF786889216), ref: 00007FF7868886E4
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF786889216), ref: 00007FF7868886F5
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF786889216), ref: 00007FF78688870A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3462794448-0
                                                                                                                                                                                                                                • Opcode ID: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                                                • Instruction ID: 87f552efd3625441346ac1bde6f992750101ce7c8356770f3e7217aeb4f7d7d1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3641B562B1868255EA30BB11AD446ABA3A4FF84FC4F944035DF4D97B89DF3CE911C720
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B347
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B37D
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B3AA
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B3BB
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B3CC
                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B3E7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                • Opcode ID: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
                                                                                                                                                                                                                                • Instruction ID: d973d0eb85e2775bd28e3ce22eec01055da7de951f7a618c7075c8d04d351cf2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C112F20A0C642ABF758B7315E5513FE1867F447A0FB48734D86E46AD6EE2CBC21D321
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF786881B6A), ref: 00007FF78688295E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                • Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                                                • Instruction ID: c53cf0ca2dd6ffdd1027e49762a4549e9f1a0e165130f18d4361c15acb5e1f0e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF310822B1868166E720B761BC416E7A295BF88BD4F900132FE8D83759EF3CD966C310
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                • String ID: Unhandled exception in script
                                                                                                                                                                                                                                • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                • Opcode ID: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                                                • Instruction ID: a26fd914a809d7c20ffd9d3c0fd2f471e85d74eb31464f0feffde1f652b2f9cf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1431723261968299EB20EF61EC552FAA360FF88788FA40135EE4D47B49EF3CD511C711
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF78688918F,?,00007FF786883C55), ref: 00007FF786882BA0
                                                                                                                                                                                                                                • MessageBoxW.USER32 ref: 00007FF786882C2A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                                                • Instruction ID: fc67fdc945d40235a9f4750c750f646c2808b8f9528543974b28c7f8085a8d23
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A321D162708B41A6E710AB15F8447ABB7A4FB887C4F900132EE8D53659DE3CDA25C750
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF786881B99), ref: 00007FF786882760
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                                                • Instruction ID: 1fc03723e7ae4b43991be68509645ee2bb179d24d2abfe68550d8f393fdcc785
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8218132A18781A6E720EB51BC817E7A7A4FB887C4F900131EE8D53659DF3CD955C750
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                • Instruction ID: b017633bd496a61cec96040c0e4381d273a6e12fb44abfc8e903c4988d0ff04a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEF04F21A09606A1EA10AB25AC5537BA361BF45762FE80235DA6E461E4DF2CE854C321
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                                                                                • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                • Instruction ID: d3786464e3e0c3334d5dbf39440754ad19e0c6c7e1c1d494ccb5b90287d131a1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76119062E7DA1221FF743126DC96377A0447F58362EA40634EF7E062D6CE2CEC61C122
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF78689A613,?,?,00000000,00007FF78689A8AE,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689B41F
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF78689A613,?,?,00000000,00007FF78689A8AE,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689B43E
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF78689A613,?,?,00000000,00007FF78689A8AE,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689B466
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF78689A613,?,?,00000000,00007FF78689A8AE,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689B477
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF78689A613,?,?,00000000,00007FF78689A8AE,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689B488
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                • Opcode ID: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                                                                • Instruction ID: 4c0d77788fa23747d89523d1bcbeaa6265704e9d7ba86dfdc7cb4fcc0a1a4e7c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C116320A086026AFA68B3216D5117BE1467F447B0FF88334E87D566D6EE2CBC21D720
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                • Opcode ID: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
                                                                                                                                                                                                                                • Instruction ID: a36a426d07d9f36da92833db1230d073858e7cfbd2803bcea330342786a34fb1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C2110620A092066AFA68B3715C1517FA1867F49760FF88734D93E5A6C2FE2CBC21D321
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: verbose
                                                                                                                                                                                                                                • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                • Instruction ID: 0660798fe3960bab89680a2b0d589c6e1ad8bd9d5274ff5b9316a77fea504db3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5091CC32A08A46A5F721AF64DC50B7EB291BB45B94FE44132DA4D432C5EE3CFCA5C320
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                • Opcode ID: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                                                • Instruction ID: 4db75222d53dfbcf1cb667d084fc93df46b78851541aea7b0f042cbce59aba4e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8818132E0C242A5F76C6F25895027EB6A0BF11748FF58035DA0E97695EB2DFD21D321
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.3393400751.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000000.00000002.3393381323.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393437897.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393465856.00007FF7868C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3393504193.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm$csm
                                                                                                                                                                                                                                • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                                • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1956198572-0
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: ?
                                                                                                                                                                                                                                • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                • Opcode ID: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                                                • Instruction ID: 2fe6aa5e1a9d07c4ecce242be6cab11595c49a2b9f472a5dca3283ade030baf5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A414C12A0828162FB25B716EC0137BD651FB90BA5FB44235EF5C06AD9DF3CD8A1C712
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868990B6
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9CE
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: GetLastError.KERNEL32(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9D8
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF78688CC15), ref: 00007FF7868990D4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                                • API String ID: 3580290477-2881294525
                                                                                                                                                                                                                                • Opcode ID: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                                                • Instruction ID: 99fd8187acac3632bc0b78e197cd58387b5a924de38d3d18f8efa98ec1ffb203
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98418131A08B02A5EB14BF259C910BEA3A4FB457D0FE94035E94D43B85EE3DECA1C320
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                                                • Instruction ID: 43713cf6f30144cee7e302d846f67f013f13b27f82fc671ba6bb74f00ef0e53d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA41D632B18A8195DB60DF25E8443AAA760FB88794FA04031EE4D87B98EF3DE811C750
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentDirectory
                                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                                • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                • Opcode ID: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                                                • Instruction ID: 3571984de55b9c68e7de0bda7693d152d0459020119988b200e799a28f81430d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD212522A0838192EB24AB15D80422FB3B1FB84B44FE14035CB8C43684EF7CED64CB61
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                                                • Instruction ID: 33334e2d54aa868b198f9f16b0290658234dcef9eb05bcdc3ca54d99c8bf4581
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3112132618B8192EB619F15F84026AB7E5FB88B84F684231EF8D07759DF3CD961C710
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                                • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                                                • Instruction ID: 2eac4813aed6ac5e8bd0c3bc86fcd25e6d1e8c041b920415b1ce83ead92cfdec
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C001712291820396F720BF61986527FA2A0FF44749FE40035D94D42691EE3DE924CA25

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:1.3%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                Signature Coverage:0.3%
                                                                                                                                                                                                                                Total number of Nodes:772
                                                                                                                                                                                                                                Total number of Limit Nodes:11
86135 7ffda3567ed1 PyErr_NewException 86134->86135 86135->86100 86136 7ffda3567ef2 PyModule_AddType 86135->86136 86136->86100 86137 7ffda3567f06 PyErr_NewException 86136->86137 86137->86100 86138 7ffda3567f26 PyModule_AddType 86137->86138 86138->86100 86139 7ffda3567f3a PyErr_NewException 86138->86139 86139->86100 86140 7ffda3567f5b PyModule_AddType 86139->86140 86140->86100 86141 7ffda3567f6f PyUnicode_InternFromString 86140->86141 86141->86100 86142 7ffda3567f85 PyUnicode_InternFromString 86141->86142 86142->86100 86143 7ffda3567fa2 PyUnicode_InternFromString 86142->86143 86143->86100 86144 7ffda3567fbf PyUnicode_InternFromString 86143->86144 86144->86100 86145 7ffda3567fdc PyUnicode_InternFromString 86144->86145 86145->86100 86146 7ffda3567ff9 PyUnicode_InternFromString 86145->86146 86146->86100 86147 7ffda3568016 PyUnicode_InternFromString 86146->86147 86147->86100 86148 7ffda3568033 PyUnicode_InternFromString 86147->86148 86148->86100 86149 7ffda3568050 86148->86149 86165 7ffda35683a0 PyModule_AddIntConstant 86149->86165 86151 7ffda356805f 86151->86100 86166 7ffda3568410 65 API calls 86151->86166 86153 7ffda356806f 86153->86100 86154 7ffda3568077 PyModule_AddStringConstant 86153->86154 86154->86100 86155 7ffda3568096 sqlite3_libversion PyModule_AddStringConstant 86154->86155 86155->86100 86156 7ffda35680b7 PyModule_AddIntConstant 86155->86156 86156->86100 86157 7ffda35680d3 sqlite3_threadsafe 86156->86157 86157->86158 86158->86100 86158->86102 86158->86104 86158->86110 86167 7ffda3568350 PyModule_GetState PyDict_New PyModule_AddObjectRef 86158->86167 86159->86099 86160->86103 86161->86106 86162->86109 86163->86113 86164->86115 86165->86151 86166->86153 86167->86158

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3400157554.00007FFDA3561000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFDA3560000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3400141377.00007FFDA3560000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3400178310.00007FFDA356F000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3400198525.00007FFDA3579000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3400217598.00007FFDA357B000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffda3560000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Module_$Constant$Type$From$Err_String$Exception$InternStateUnicode_$Module$SpecType_$AttrFormatImport_sqlite3_errstrsqlite3_initializesqlite3_libversionsqlite3_libversion_numbersqlite3_shutdownsqlite3_threadsafe
                                                                                                                                                                                                                                • String ID: 2.6.0$LEGACY_TRANSACTION_CONTROL$Unable to interpret SQLite threadsafety mode. Got %d, expected 0, 1, or 2$__adapt__$__conform__$_deprecated_version$executescript$finalize$functools$inverse$lru_cache$sqlite3.DataError$sqlite3.DatabaseError$sqlite3.Error$sqlite3.IntegrityError$sqlite3.InterfaceError$sqlite3.InternalError$sqlite3.NotSupportedError$sqlite3.OperationalError$sqlite3.ProgrammingError$sqlite3.Warning$sqlite3: SQLite 3.7.15 or higher required$sqlite_version$step$threadsafety$upper$value
                                                                                                                                                                                                                                • API String ID: 3715894170-1388897118
                                                                                                                                                                                                                                • Opcode ID: 54b508962b6aba38d9045962bd977d9ca43ac6b102c77c9a3a205e403b4b1b7d
                                                                                                                                                                                                                                • Instruction ID: 49e9ba264986e1eecc43dce3d4fac977ac482ea7ac647609b2edbf3b78200165
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54b508962b6aba38d9045962bd977d9ca43ac6b102c77c9a3a205e403b4b1b7d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AFE1D060F0FB4352EA4A9B69E8742352392BF46B85F4C5835C91E67352DF3EF0698308

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                • API String ID: 2776309574-4232158417
                                                                                                                                                                                                                                • Opcode ID: c0a66ebca772141f760a29a0dd77fc68e5502f7a94feb123d2d63e937376cc0c
                                                                                                                                                                                                                                • Instruction ID: 7997b903bcd1d4eed58883a138d33c9e5965fdff2f3ff563d0f4a66b698a1807
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0a66ebca772141f760a29a0dd77fc68e5502f7a94feb123d2d63e937376cc0c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76328061A0868276FA25BB65DC543BBA691BF48B80FE44035DA5D432C2EF2CED74C321

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1617910340-0
                                                                                                                                                                                                                                • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                • Instruction ID: 3171dfbe549b8d5a575667b336bac2fc80750441a655accd573b209428e1d0c9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42C10432B28A4295EB10EF66C8906AE7761F748B98F615235DF2E573D4DF38E861C310
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                • Instruction ID: b1332d000ec5f340ea4a1df85e41ec7272790a3c7aa0ed4c4a4cae79f870e271
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95F06822A1874296FB609B64B849777B350FB84764F941335D96D02AD4DF3CD869CB10
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 31276548-0
                                                                                                                                                                                                                                • Opcode ID: b0054afb10e4f66619171edf603becae74e7afe6d3d72f3cb96377bce576b712
                                                                                                                                                                                                                                • Instruction ID: 2fafd4cfc4d096db053ba3813f8acfd4f3c8fef4772650264a4b76a93cb1c5cd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b0054afb10e4f66619171edf603becae74e7afe6d3d72f3cb96377bce576b712
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58A1E865F0AB0796EE78DBCDE4703382298BF55B48F140539CA8E666A0EF7CE590C344

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786887F80: _fread_nolock.LIBCMT ref: 00007FF78688802A
                                                                                                                                                                                                                                • _fread_nolock.LIBCMT ref: 00007FF786881A1B
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF786881B6A), ref: 00007FF78688295E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                • Opcode ID: abc02df14881b8553accab44fb79ef53eaa7c88a432e732f5ead529d710b0ae2
                                                                                                                                                                                                                                • Instruction ID: 5d3eeb9d97ec27f1a87f5db144c8365455cd6b26130d5cfdf597f18d37084262
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abc02df14881b8553accab44fb79ef53eaa7c88a432e732f5ead529d710b0ae2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7281C571A1C683A9E720EB15D8406BBA3A2FF44B84FE04035D98D47786EE3CED65C760

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                • String ID: P%
                                                                                                                                                                                                                                • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                • Instruction ID: aea5a987af94b89fd91d4f14867a71dc2804fc1ffbe8bcea858fbe427819369d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48510726614BA186D6349F26E8181BBF7A1FB98B62F104131EFDE43694DF3CD455CB20

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                • Opcode ID: 3899eae9b9cf556598d50536af751799a91292f9e5d7650659be9fe1a68b4b95
                                                                                                                                                                                                                                • Instruction ID: feb900763a8b230532dceae8de79ad601e3d16dc9fbb0a9f4766156222dcc3a8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3899eae9b9cf556598d50536af751799a91292f9e5d7650659be9fe1a68b4b95
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11418021A18643A9EB10EB229C015BBE391BF44B98FE44432ED4D07B95EF3CED25C761

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                • Opcode ID: 5578c14fe94a244900e9a575e4f77a257a8de495ed559fdf9b362ebbbffb2fa7
                                                                                                                                                                                                                                • Instruction ID: 48d92ab5e57d2e909a0196a2dc40c0e968f3a15ec074bb16271c88c7a2ad4f37
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5578c14fe94a244900e9a575e4f77a257a8de495ed559fdf9b362ebbbffb2fa7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E751D222A1864365E660BB12AC103BBE291BF85B98FE44135ED8D477D5EF3CED21C720

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00007FF786883804), ref: 00007FF7868836E1
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF786883804), ref: 00007FF7868836EB
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF786883706,?,00007FF786883804), ref: 00007FF786882C9E
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF786883706,?,00007FF786883804), ref: 00007FF786882D63
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882C50: MessageBoxW.USER32 ref: 00007FF786882D99
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                • Instruction ID: b959de0d5084b33c3ffb6be68ab4057664d1f31ce870a0e2ad482121e6d76bce
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F21A751B1C642B5FE20B725EC113B7A361BF88B55FE00132D95E825D5EE2CED25C361

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                • Opcode ID: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                                                • Instruction ID: 3fe11dfb4f17d52e7ca9e7b3a904445dc9338b43c0ac86570b593e5a383f281f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65C1B52290C686A9E751AB1598402BFA766FF81B84FF54131EA4E037D1EE7CFC65C720

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                • Opcode ID: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                                                • Instruction ID: 8e6d736b6a036913ec27039f631ad4c470e59d33526330c51c9a70b3410b52a9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87418321A18687B1EA21FB25E8152EBA361FF54740FE00132DA5D43695EF3CED65C361

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                • String ID: Unhandled exception in script
                                                                                                                                                                                                                                • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                • Opcode ID: dd10c28d74256616f4f20b34f0e4914686707bcd8d030bd0fddff274f11205b5
                                                                                                                                                                                                                                • Instruction ID: a26fd914a809d7c20ffd9d3c0fd2f471e85d74eb31464f0feffde1f652b2f9cf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dd10c28d74256616f4f20b34f0e4914686707bcd8d030bd0fddff274f11205b5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1431723261968299EB20EF61EC552FAA360FF88788FA40135EE4D47B49EF3CD511C711

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279662727-0
                                                                                                                                                                                                                                • Opcode ID: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                                                • Instruction ID: 34dd8e7d0931d4145ed8793a1c6ed29c14a7d2ec580079bc391c4c5de8f72986
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4441B522D18782A7E711AB21995037AB360FB94764F609334EA5C03AD1EF7CB9F0C721
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1956198572-0
                                                                                                                                                                                                                                • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                • Instruction ID: 5f6e7416d0a87d29fee86b88f77ea6a07fef8c3c38fb3ee82fcc953a9f085559
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C11C625A1C14252F654A76AED5527B9292FF84B81FE44030DE4D07B89CD3DECA1C250
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3251591375-0
                                                                                                                                                                                                                                • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                • Instruction ID: beedc2530818bd3f20e9735d9b598f19e1bf10e76e5436f8ed69fdf564e3ff3f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD313810E4824375FA64BB25DC223BB9691BF41B84FE44434E94D476DBDE2CBC25C671
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9CE
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9D8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00007FF78689AA45,?,?,00000000,00007FF78689AAFA), ref: 00007FF78689AC36
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF78689AA45,?,?,00000000,00007FF78689AAFA), ref: 00007FF78689AC40
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _fread_nolock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                APIs
Memory Dump Source
• Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
• Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786889400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7868845E4,00000000,00007FF786881985), ref: 00007FF786889439
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00007FF786886466,?,00007FF78688336E), ref: 00007FF786889092
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2592636585-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF786890D00,?,?,?,00007FF78689236A,?,?,?,?,?,00007FF786893B59), ref: 00007FF78689D6AA
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                                • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                • Instruction ID: 017bc7437dd84b26760dbd645b9478d37f1b666bfec2f0458e8ff71825126909
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26F03A14A0DB0265FE5676625C1127AA2907F957A0FA84230DE2E853C2EE6CBC60C974
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                                                • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                                                • API String ID: 3832162212-3165540532
                                                                                                                                                                                                                                • Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                                                • Instruction ID: 438da8d0c0de37b86482c8b13a192400b1c9f3c284d2a92ccb293e5260d435ca
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5CD1A531A08B82A6E710AF35EC542ABB761FF84B59FA00235DE5D47694DF3CD964C710
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcmpmemcpy
                                                                                                                                                                                                                                • String ID: %s mode not allowed: %s$access$cach$cach$cache$file$invalid uri authority: %.*s$localhos$mode$no such %s mode: %s$no such vfs: %s
                                                                                                                                                                                                                                • API String ID: 1784268899-1330295256
                                                                                                                                                                                                                                • Opcode ID: dc9c8d5d3580681435808636d4fadb7b35fdaa8ccab8ab5a4871f2b3615016fe
                                                                                                                                                                                                                                • Instruction ID: 0c629a89bc3c2f1ab60d574c9f3d7472c7c934204a329022436900c4df963075
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc9c8d5d3580681435808636d4fadb7b35fdaa8ccab8ab5a4871f2b3615016fe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD02F062F0C28245FB758BA5D4743796B99EB21BA8F044335DBEE666C5DE3CE8458300
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3719493655-0
                                                                                                                                                                                                                                • Opcode ID: 13b0b1041cca574ca06701db0d45e779ed743a60764eb712a04665505c58f9af
                                                                                                                                                                                                                                • Instruction ID: 91c3215af6e20caa2efaeade862bf951bc6a3a5d40948e22c7f02787a4a32d3c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 13b0b1041cca574ca06701db0d45e779ed743a60764eb712a04665505c58f9af
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF020472B0C59282E7348B9DD46467D37A9FB84788F684131D6DEA6780EF3CE840C782
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: 3|r<$Bad ptr map entry key=%u expected=(%u,%u) got=(%u,%u)$Failed to read ptrmap key=%u$Freelist: $Page %u: never used$Page %u: pointer map referenced$incremental_vacuum enabled with a max rootpage of zero$max rootpage (%u) disagrees with header (%u)
                                                                                                                                                                                                                                • API String ID: 2221118986-3000184473
                                                                                                                                                                                                                                • Opcode ID: ba183b6814ddd736a71aeb774c7d47a38622bcc163b2f6dde4c5f696381e8954
                                                                                                                                                                                                                                • Instruction ID: 1422967cbb06367991337db08c66bc6bde6e66f4e617159cccad57ad6cc55781
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba183b6814ddd736a71aeb774c7d47a38622bcc163b2f6dde4c5f696381e8954
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D302AF76F08A418AE734CBA9D46427D77A9FB84748F14413ADA8E67B94DF3CE840CB40
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3398881311.00007FFD9E851000.00000020.00000001.01000000.00000028.sdmp, Offset: 00007FFD9E850000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd9e850000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 313767242-0
                                                                                                                                                                                                                                • Opcode ID: 0a57d354b9f48531f5e4b6dcb676abd35c4c55538187d76e763eeca891f7d0db
                                                                                                                                                                                                                                • Instruction ID: 054c1795412b58f5ff7415cb8ae9f2742f742cedf30e6d086934c8130481ff81
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a57d354b9f48531f5e4b6dcb676abd35c4c55538187d76e763eeca891f7d0db
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC312D72709B8189EB709FE0E8A03ED7364FB84744F54447ADA4E47A99DF38D648C760
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3398726014.00007FFD9E841000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FFD9E840000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3398673718.00007FFD9E840000.00000002.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3398743429.00007FFD9E846000.00000002.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3398761417.00007FFD9E84B000.00000002.00000001.01000000.00000029.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd9e840000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 313767242-0
                                                                                                                                                                                                                                • Opcode ID: 26897df24f70a55c30b919b36952ff972a20fdcb0ee0bee13c52e1828fe953fd
                                                                                                                                                                                                                                • Instruction ID: a9f5aec6640f3cc03c8682a5e30e6605b27fee00270b65bc5afa76e591679880
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 26897df24f70a55c30b919b36952ff972a20fdcb0ee0bee13c52e1828fe953fd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B312D72709B8189EB709FE0E8A07ED7364FB88744F44453ADA4E57A94EF38D648C720
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3399773954.00007FFDA32F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFDA32F0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399757109.00007FFDA32F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399790328.00007FFDA32F3000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399805937.00007FFDA32F4000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399820426.00007FFDA32F5000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffda32f0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 313767242-0
                                                                                                                                                                                                                                • Opcode ID: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
                                                                                                                                                                                                                                • Instruction ID: 1ce7a5f6019f69b6f0fb4cf2ee23215719ee90cad8ac3e695b7a0f1fd7679b29
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26315E7270AA81CAEB649F60E8607E97361FB84744F84403ADB8E57B89DF39D558C708
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3399927928.00007FFDA3531000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDA3530000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399906871.00007FFDA3530000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399946107.00007FFDA3533000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399964219.00007FFDA3534000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399983040.00007FFDA3535000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffda3530000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 313767242-0
                                                                                                                                                                                                                                • Opcode ID: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
                                                                                                                                                                                                                                • Instruction ID: e1d140e2d91dce6ef3868b8ba04d7d7eec9d4e59f9a7a0bde5aa5b72a0c079be
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15319072B0AB8189EB659F64E8603ED3361FB84344F44483ADA8E53B85DF3DD648C718
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                                                                                                                                                                • API String ID: 2221118986-463513059
                                                                                                                                                                                                                                • Opcode ID: f78114a871995769fda7b6e9c41417a2f13788b9671d04a7951bcf123021d595
                                                                                                                                                                                                                                • Instruction ID: 61c8d3d2b4079ca63c5d07f8e6896479f3fe310a2eae1c4fa3356f58761e8f29
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f78114a871995769fda7b6e9c41417a2f13788b9671d04a7951bcf123021d595
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9E15451F1C3CA47EE2C8B79A4B55386B98AB55788F48813ADAAF437D2DE2CF511C300
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$API call with %s database connection pointer$NULL$invalid$misuse$unopened
                                                                                                                                                                                                                                • API String ID: 3510742995-863375387
                                                                                                                                                                                                                                • Opcode ID: ebcfd4d320c8a855c25bad2e79043b46f1baa289721c4d7e74e567b371a0d908
                                                                                                                                                                                                                                • Instruction ID: 0e3852c79b28793eba0dafd391e0d5dc65704c89c1c6f768cc4b2a0a59f25336
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ebcfd4d320c8a855c25bad2e79043b46f1baa289721c4d7e74e567b371a0d908
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C002B322B0978285EB749B96D4703BE67AAFF84B88F544139DE8E67795DF3CE4418300
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF78688841B
                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF78688849E
                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF7868884BD
                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF7868884CB
                                                                                                                                                                                                                                • FindClose.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF7868884DC
                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,00007FF786888B09,00007FF786883FA5), ref: 00007FF7868884E5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                • String ID: %s\*
                                                                                                                                                                                                                                • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: 3|r<$database schema is locked: %s$out of memory$statement too long
                                                                                                                                                                                                                                • API String ID: 2221118986-1562815132
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4139299733-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: -x0$0123456789ABCDEF0123456789abcdef$VUUU$VUUU
                                                                                                                                                                                                                                • API String ID: 0-2031831958
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5CB5
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868A5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868A561C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9CE
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: GetLastError.KERNEL32(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9D8
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF78689A94F,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689A979
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF78689A94F,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689A99E
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5CA4
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868A5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868A567C
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F1A
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F2B
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F3C
                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7868A617C), ref: 00007FF7868A5F63
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4070488512-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2227656907-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 438689982-0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: $3|r<$recovered %d frames from WAL file %s
                                                                                                                                                                                                                                • API String ID: 0-1402342672
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                                • String ID: 3|r<
                                                                                                                                                                                                                                • API String ID: 438689982-173920056
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F1A
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868A5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868A567C
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F2B
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868A5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868A561C
                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7868A5F3C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868A5638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868A564C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9CE
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: GetLastError.KERNEL32(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9D8
                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7868A617C), ref: 00007FF7868A5F63
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3458911817-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3398881311.00007FFD9E851000.00000020.00000001.01000000.00000028.sdmp, Offset: 00007FFD9E850000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd9e850000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wassert
                                                                                                                                                                                                                                • String ID: OCB_ENCRYPT==direction || OCB_DECRYPT==direction$src/raw_ocb.c
                                                                                                                                                                                                                                • API String ID: 3234217646-1106498308
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885830
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885842
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885879
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF78688588B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868858A4
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868858B6
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868858CF
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868858E1
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868858FD
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF78688590F
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF78688592B
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF78688593D
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885959
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF78688596B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885987
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF786885999
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868859B5
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF7868864BF,?,00007FF78688336E), ref: 00007FF7868859C7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                • API String ID: 199729137-653951865
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FFD93ABB0F0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FFD93B25B2A,?,?,?,?,?,00007FFD93ABAE92), ref: 00007FFD93ABB298
                                                                                                                                                                                                                                  • Part of subcall function 00007FFD93ABABE0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FFD93AB532C), ref: 00007FFD93ABAD4A
                                                                                                                                                                                                                                  • Part of subcall function 00007FFD93ABABE0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FFD93AB532C), ref: 00007FFD93ABADD6
                                                                                                                                                                                                                                • memcpy.VCRUNTIME140 ref: 00007FFD93B20272
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: 3|r<$FILTER clause may only be used with aggregate window functions$L$RANGE with offset PRECEDING/FOLLOWING requires one ORDER BY expression$U$U$Y$Z$Z$cume_dist$dense_rank$lag$lead$ntile$percent_rank$rank$row_number
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786889400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7868845E4,00000000,00007FF786881985), ref: 00007FF786889439
                                                                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7868888A7,?,?,00000000,00007FF786883CBB), ref: 00007FF78688821C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882810: MessageBoxW.USER32 ref: 00007FF7868828EA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3399773954.00007FFDA32F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFDA32F0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _aligned_free$_aligned_malloc_wassertcallocfree
                                                                                                                                                                                                                                • String ID: block_len < 256$block_len > 0$src/raw_ctr.c$src/raw_ctr.c
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                                                • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                                                • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: %s.%s$_init$error during initialization: %s$lib$no entry point [%s] in shared library [%s]$not authorized$sqlite3_$sqlite3_extension_init$unable to open shared library [%.*s]
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3398881311.00007FFD9E851000.00000020.00000001.01000000.00000028.sdmp, Offset: 00007FFD9E850000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd9e850000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3398726014.00007FFD9E841000.00000020.00000001.01000000.00000029.sdmp, Offset: 00007FFD9E840000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd9e840000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3399773954.00007FFDA32F1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFDA32F0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffda32f0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 349153199-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3399927928.00007FFDA3531000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDA3530000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 349153199-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 349153199-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3399927928.00007FFDA3531000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDA3530000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$_wassert
                                                                                                                                                                                                                                • String ID: (direction == DirEncrypt) || (direction == DirDecrypt)$cfbState->usedKeyStream <= segment_len$src/raw_cfb.c$src/raw_cfb.c
                                                                                                                                                                                                                                • API String ID: 4178124637-3209691050
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                                • API String ID: 4245020737-4278345224
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: 3|r<$cannot open %s column for writing$cannot open table without rowid: %s$cannot open view: %s$cannot open virtual table: %s$foreign key$indexed$no such column: "%s"$out of memory
                                                                                                                                                                                                                                • API String ID: 2221118986-3955620218
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %!.15g$%02x$%lld$'%.*q'$-- $?$NULL$zeroblob(%d)
                                                                                                                                                                                                                                • API String ID: 3510742995-875588658
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Cannot add a UNIQUE column, xrefs: 00007FFD93AC4BE3
                                                                                                                                                                                                                                • SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*', xrefs: 00007FFD93AC4F91
                                                                                                                                                                                                                                • cannot add a STORED column, xrefs: 00007FFD93AC4DB4
                                                                                                                                                                                                                                • Cannot add a NOT NULL column with default value NULL, xrefs: 00007FFD93AC4C55
                                                                                                                                                                                                                                • Cannot add a column with non-constant default, xrefs: 00007FFD93AC4CAF
                                                                                                                                                                                                                                • Cannot add a REFERENCES column with non-NULL default value, xrefs: 00007FFD93AC4C33
                                                                                                                                                                                                                                • UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q, xrefs: 00007FFD93AC4E5C
                                                                                                                                                                                                                                • Cannot add a PRIMARY KEY column, xrefs: 00007FFD93AC4BC8
                                                                                                                                                                                                                                • SELECT raise(ABORT,%Q) FROM "%w"."%w", xrefs: 00007FFD93AC4C3D, 00007FFD93AC4CB9, 00007FFD93AC4DC3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: Cannot add a NOT NULL column with default value NULL$Cannot add a PRIMARY KEY column$Cannot add a REFERENCES column with non-NULL default value$Cannot add a UNIQUE column$Cannot add a column with non-constant default$SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*'$SELECT raise(ABORT,%Q) FROM "%w"."%w"$UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q$cannot add a STORED column
                                                                                                                                                                                                                                • API String ID: 3510742995-3865411212
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: -$:$f$p$p
                                                                                                                                                                                                                                • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: f$f$p$p$f
                                                                                                                                                                                                                                • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: new[]
                                                                                                                                                                                                                                • String ID: %s%c%s$:$:$?$\$winFullPathname1$winFullPathname2
                                                                                                                                                                                                                                • API String ID: 4059295235-3840279414
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(?,?,00000000,00007FF786883CBB), ref: 00007FF7868888F4
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000000,00007FF786883CBB), ref: 00007FF7868888FA
                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00007FF786883CBB), ref: 00007FF78688893C
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888A20: GetEnvironmentVariableW.KERNEL32(00007FF78688388E), ref: 00007FF786888A57
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF786888A79
                                                                                                                                                                                                                                  • Part of subcall function 00007FF7868982A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868982C1
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786882810: MessageBoxW.USER32 ref: 00007FF7868828EA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s %T already exists$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF78689F11A,?,?,00000271C24B6668,00007FF78689ADC3,?,?,?,00007FF78689ACBA,?,?,?,00007FF786895FAE), ref: 00007FF78689EEFC
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF78689F11A,?,?,00000271C24B6668,00007FF78689ADC3,?,?,?,00007FF78689ACBA,?,?,?,00007FF786895FAE), ref: 00007FF78689EF08
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF786883706,?,00007FF786883804), ref: 00007FF786882C9E
                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF786883706,?,00007FF786883804), ref: 00007FF786882D63
                                                                                                                                                                                                                                • MessageBoxW.USER32 ref: 00007FF786882D99
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: 3|r<$CREATE TABLE x(type text,name text,tbl_name text,rootpage int,sql text)$SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master$table
                                                                                                                                                                                                                                • API String ID: 3510742995-28684124
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                                • String ID: "%w" $%Q%s
                                                                                                                                                                                                                                • API String ID: 438689982-1987291987
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                • API String ID: 3510742995-3764764234
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$misuse
                                                                                                                                                                                                                                • API String ID: 0-3554312789
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3399927928.00007FFDA3531000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDA3530000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffda3530000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$_wassert
                                                                                                                                                                                                                                • String ID: @$cfbState->usedKeyStream <= segment_len$src/raw_cfb.c
                                                                                                                                                                                                                                • API String ID: 4178124637-1361193148
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument$category
                                                                                                                                                                                                                                • API String ID: 1318908108-2068800536
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                                • API String ID: 1318908108-2110215792
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF78688DFEA,?,?,?,00007FF78688DCDC,?,?,?,00007FF78688D8D9), ref: 00007FF78688DDBD
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF78688DFEA,?,?,?,00007FF78688DCDC,?,?,?,00007FF78688D8D9), ref: 00007FF78688DDCB
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF78688DFEA,?,?,?,00007FF78688DCDC,?,?,?,00007FF78688D8D9), ref: 00007FF78688DDF5
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF78688DFEA,?,?,?,00007FF78688DCDC,?,?,?,00007FF78688D8D9), ref: 00007FF78688DE63
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF78688DFEA,?,?,?,00007FF78688DCDC,?,?,?,00007FF78688D8D9), ref: 00007FF78688DE6F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF78688351A,?,00000000,00007FF786883F23), ref: 00007FF786882AA0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 995526605-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                • String ID: CONOUT$
                                                                                                                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _PyArg_CheckPositional.PYTHON312 ref: 00007FFD93BE3607
                                                                                                                                                                                                                                • _PyArg_BadArgument.PYTHON312 ref: 00007FFD93BE363A
                                                                                                                                                                                                                                  • Part of subcall function 00007FFD93BE11B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFD93BE11E2
                                                                                                                                                                                                                                  • Part of subcall function 00007FFD93BE11B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFD93BE11FA
                                                                                                                                                                                                                                  • Part of subcall function 00007FFD93BE11B0: PyType_IsSubtype.PYTHON312 ref: 00007FFD93BE121D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                                                • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                                • API String ID: 4101545800-1320425463
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: 831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$cannot open savepoint - SQL statements in progress$cannot release savepoint - SQL statements in progress$no such savepoint: %s$statement aborts at %d: [%s] %s
                                                                                                                                                                                                                                • API String ID: 3510742995-2526444651
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • foreign key on %s should reference only one column of table %T, xrefs: 00007FFD93AD34B5
                                                                                                                                                                                                                                • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 00007FFD93AD34DE
                                                                                                                                                                                                                                • unknown column "%s" in foreign key definition, xrefs: 00007FFD93AD37CC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                                • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                                                                                                                                                • API String ID: 438689982-272990098
Memory Dump Source
• Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: %sSCALAR SUBQUERY %d$CORRELATED $Expression tree is too large (maximum depth %d)$REUSE SUBQUERY %d
                                                                                                                                                                                                                                • API String ID: 0-875495356
                                                                                                                                                                                                                                • Opcode ID: 10ff3258e64045ebdc24c4453d9eddf26351157b953658b18b77b9d73fe27bc8
                                                                                                                                                                                                                                • Instruction ID: 93fd64a979abedd9c640aa5156e7c5199086b62efb093e7d57c904375cf60b0d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10ff3258e64045ebdc24c4453d9eddf26351157b953658b18b77b9d73fe27bc8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01D11072B087818BE764CF65E5606AA77A9FB85788F008235DB8D53B85DF3CE4A0C700
Memory Dump Source
• Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$API called with NULL prepared statement$API called with finalized prepared statement$misuse
                                                                                                                                                                                                                                • API String ID: 3510742995-774319783
                                                                                                                                                                                                                                • Opcode ID: c1f2e72d02041f634680d4dfe94196d23bd266405e708ce222b3484ffe9b10a2
                                                                                                                                                                                                                                • Instruction ID: e04bd94296e6e705e856724fe21aaec4ceecd235fa0718f48aed0a6390395658
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1f2e72d02041f634680d4dfe94196d23bd266405e708ce222b3484ffe9b10a2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2AE18027F09BC585E6258B68C6143FC6365FBA9B48F14A235DF9C63262EF38E1D58300
Memory Dump Source
• Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                • API String ID: 438689982-3764764234
                                                                                                                                                                                                                                • Opcode ID: 5ead039ea019e468920b661798225550cc5a4065f9c0ad80161278c7ae253c2a
                                                                                                                                                                                                                                • Instruction ID: 8d5a1924a2c20480a759547c1a92f465166cd1b912d0248d28175b89215d8bf0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ead039ea019e468920b661798225550cc5a4065f9c0ad80161278c7ae253c2a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97B18D32B0869686D774CBAAE064A7AB7A9FB48B84F014135DE4D67B95DF3DE840C700
Memory Dump Source
• Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                                • String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
                                                                                                                                                                                                                                • API String ID: 438689982-2063813899
                                                                                                                                                                                                                                • Opcode ID: 8e8ac9e6f7f0d28725a8b423da150783deef510d0755ecfafaba6123535020db
                                                                                                                                                                                                                                • Instruction ID: 5505e19d496db90eaf36e1776dec4c1072ad55cd777e29c6fd8ebfd73c69723a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e8ac9e6f7f0d28725a8b423da150783deef510d0755ecfafaba6123535020db
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3891D262B09B8186EB64DF8AD4602B977E9FB44B84F454235EE8D57745EF3CD040C700
Memory Dump Source
• Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                • API String ID: 3510742995-3764764234
                                                                                                                                                                                                                                • Opcode ID: b54bf69e1c0dc6cc5a72606d325a52d63276ec7ca94d9395c62e311e087d0bff
                                                                                                                                                                                                                                • Instruction ID: 95d278c1a50fc1b9b1c2cf0419e7155555fef5e79f9db1f69231e4ba2114a389
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b54bf69e1c0dc6cc5a72606d325a52d63276ec7ca94d9395c62e311e087d0bff
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D910263B086C586CB30CB69D8902AABBA8FB44B88F448132DF8D63B15DF3DD555C750
Memory Dump Source
• Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                • API String ID: 3510742995-3764764234
                                                                                                                                                                                                                                • Opcode ID: 5c8ce51fa707764a8e0a8837a4120c8c93d1f4c97d6294696cbe41477e748cd0
                                                                                                                                                                                                                                • Instruction ID: 61c58e4ae5d8751f8655ca53992241cbb19437e5fbf1e79039ba5854f914d46e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c8ce51fa707764a8e0a8837a4120c8c93d1f4c97d6294696cbe41477e748cd0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F91E572B082C19ADB24CB66D5602BD77E8FB40B94F048136DB8DA7AA5DF3CE564C740
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF786889216), ref: 00007FF786888592
                                                                                                                                                                                                                                • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF786889216), ref: 00007FF7868885E9
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786889400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7868845E4,00000000,00007FF786881985), ref: 00007FF786889439
                                                                                                                                                                                                                                • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF786889216), ref: 00007FF786888678
                                                                                                                                                                                                                                • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF786889216), ref: 00007FF7868886E4
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF786889216), ref: 00007FF7868886F5
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF786889216), ref: 00007FF78688870A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3462794448-0
                                                                                                                                                                                                                                • Opcode ID: b2770b171440e78660be4c91fda42c27049aa369c6710ced6bdf6821ec2ad01d
                                                                                                                                                                                                                                • Instruction ID: 87f552efd3625441346ac1bde6f992750101ce7c8356770f3e7217aeb4f7d7d1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2770b171440e78660be4c91fda42c27049aa369c6710ced6bdf6821ec2ad01d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3641B562B1868255EA30BB11AD446ABA3A4FF84FC4F944035DF4D97B89DF3CE911C720
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888760: GetCurrentProcess.KERNEL32 ref: 00007FF786888780
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888760: OpenProcessToken.ADVAPI32 ref: 00007FF786888793
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888760: GetTokenInformation.ADVAPI32 ref: 00007FF7868887B8
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888760: GetLastError.KERNEL32 ref: 00007FF7868887C2
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888760: GetTokenInformation.ADVAPI32 ref: 00007FF786888802
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF78688881E
                                                                                                                                                                                                                                  • Part of subcall function 00007FF786888760: CloseHandle.KERNEL32 ref: 00007FF786888836
                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,00007FF786883C55), ref: 00007FF78688916C
                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,00007FF786883C55), ref: 00007FF786889175
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                • Opcode ID: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                                                • Instruction ID: ef3bf6fad5dbd0aa3349c71074ff84d0aa20490984f6e11aa704c6540b5942df
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA214F25A08742A5FA10BB11ED153EBA265FF84B80FE44031EA4D53B86DF3CEC15C760
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B347
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B37D
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B3AA
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B3BB
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B3CC
                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF786894F81,?,?,?,?,00007FF78689A4FA,?,?,?,?,00007FF7868971FF), ref: 00007FF78689B3E7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                • Opcode ID: 6c88e88182f069636ae7df0ba171e708af9cab9deaf2d86c464056bb8d47fe11
                                                                                                                                                                                                                                • Instruction ID: d973d0eb85e2775bd28e3ce22eec01055da7de951f7a618c7075c8d04d351cf2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c88e88182f069636ae7df0ba171e708af9cab9deaf2d86c464056bb8d47fe11
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C112F20A0C642ABF758B7315E5513FE1867F447A0FB48734D86E46AD6EE2CBC21D321
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3399927928.00007FFDA3531000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDA3530000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399906871.00007FFDA3530000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399946107.00007FFDA3533000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399964219.00007FFDA3534000.00000004.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3399983040.00007FFDA3535000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffda3530000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$_wassert
                                                                                                                                                                                                                                • String ID: cfbState->usedKeyStream <= segment_len$src/raw_cfb.c
                                                                                                                                                                                                                                • API String ID: 4178124637-977067101
                                                                                                                                                                                                                                • Opcode ID: 190ca472f54348da95aaf15e0cc56e810afdec70c59e9a35399ab383c56dfc83
                                                                                                                                                                                                                                • Instruction ID: 086777cd43012905f4f91702625a2eabf9b1b9c26ff020de50304e8d310add93
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 190ca472f54348da95aaf15e0cc56e810afdec70c59e9a35399ab383c56dfc83
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E5137A2F06FD182E60A8B2DE4245A96761FB54FD4F048A31DF9823B46EF3CD196C304
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF786881B6A), ref: 00007FF78688295E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                • Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                                                • Instruction ID: c53cf0ca2dd6ffdd1027e49762a4549e9f1a0e165130f18d4361c15acb5e1f0e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF310822B1868166E720B761BC416E7A295BF88BD4F900132FE8D83759EF3CD966C310
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF78688918F,?,00007FF786883C55), ref: 00007FF786882BA0
                                                                                                                                                                                                                                • MessageBoxW.USER32 ref: 00007FF786882C2A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                                                • Instruction ID: fc67fdc945d40235a9f4750c750f646c2808b8f9528543974b28c7f8085a8d23
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A321D162708B41A6E710AB15F8447ABB7A4FB887C4F900132EE8D53659DE3CDA25C750
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF786881B99), ref: 00007FF786882760
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                                                • Instruction ID: 1fc03723e7ae4b43991be68509645ee2bb179d24d2abfe68550d8f393fdcc785
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8218132A18781A6E720EB51BC817E7A7A4FB887C4F900131EE8D53659DF3CD955C750
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
• Associated: 00000002.00000002.3396270036.00007FFD93BE0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3396302938.00007FFD93BE5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3396302938.00007FFD93C42000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3396302938.00007FFD93C8E000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3396302938.00007FFD93C92000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3396302938.00007FFD93C97000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3396302938.00007FFD93CEF000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3396461517.00007FFD93CF2000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3396477053.00007FFD93CF4000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                                • String ID: not a numeric character
                                                                                                                                                                                                                                • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                                • Opcode ID: 7ac3b2fdf3478d2374b08fe415c3a12b63c61252479e25d1cab849eb02e47f53
                                                                                                                                                                                                                                • Instruction ID: 6616c186622aedbef8a5fca8ba9d598a0656a278a136d6c84ee0d50e4c70b415
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ac3b2fdf3478d2374b08fe415c3a12b63c61252479e25d1cab849eb02e47f53
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24216021F0C96281EB758BADD43013A63E8AF44B8CF148431CA9E77754DF6CE8859782
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                                • String ID: not a decimal
                                                                                                                                                                                                                                • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                                • Opcode ID: babd95680f3a021cdbe90a8980b0a1372c723c98da362c4ed99ce49efb4cea9f
                                                                                                                                                                                                                                • Instruction ID: e55f3e7bc9d7d20291e935c13b297c51923decac94a8cdfdf791cf36ac9bc32d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: babd95680f3a021cdbe90a8980b0a1372c723c98da362c4ed99ce49efb4cea9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5115425B0864281FB758F9EE47413E6399EF44B8CF844435CA8EA7654DF2CE9548382
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                                • API String ID: 3876575403-2385192657
                                                                                                                                                                                                                                • Opcode ID: bbdd109889d573d2d770b99f749a56ec45e44fab925d66d6427c2491f45a32cb
                                                                                                                                                                                                                                • Instruction ID: 4b9466f709e10c5f9e54bfc044ca5159221548d1bcb5f759ad9d303b8f1ce444
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bbdd109889d573d2d770b99f749a56ec45e44fab925d66d6427c2491f45a32cb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0111B231B08A9685EB309F9AE8501AA7328FB44BC8F484032DA8D67754CF3DE585C341
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                                • API String ID: 3876575403-2474051849
                                                                                                                                                                                                                                • Opcode ID: 1e4fff75323d13296d4f9873b31303b2eb894daa88b12eee96b04a04f0936518
                                                                                                                                                                                                                                • Instruction ID: b3ce495a93a727c39b3d111b22c66ef4453668ff589fb47e1a46a187ec72eb03
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e4fff75323d13296d4f9873b31303b2eb894daa88b12eee96b04a04f0936518
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52118231F08A8286EB70DF9AE4511AE7368EB84B88F984032DA9D67755CF3CE585C741
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                                • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                                • API String ID: 3979797681-4202047184
                                                                                                                                                                                                                                • Opcode ID: 23a79bd7f21a28e7400453b17a2d46dedd5221c58aaec7069aa9642920e7cd67
                                                                                                                                                                                                                                • Instruction ID: 278469b40308388a15c13e03cdcd80681bdfcdda37a3655a21815f6814cab861
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 23a79bd7f21a28e7400453b17a2d46dedd5221c58aaec7069aa9642920e7cd67
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DF01F720F0CA4381EE348BD9E8700BA23A8FF4974CF400631C58D67280CE3CE9848392
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                                • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                                • API String ID: 3673501854-3989975041
                                                                                                                                                                                                                                • Opcode ID: 89b48c636968bcc96ff5c1323bcf06e5fb317347bf56e69214e0fa8ba2ac5adf
                                                                                                                                                                                                                                • Instruction ID: aee1c7ba326e990ee55e523e0fb1788f78f1bb9f2ad0114f87d890185e2e3ffd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 89b48c636968bcc96ff5c1323bcf06e5fb317347bf56e69214e0fa8ba2ac5adf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03F03125B09B4795EB355B99E42407863ACBF08788F441436C8CE26354EF3CE044C3D2
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                • Instruction ID: b017633bd496a61cec96040c0e4381d273a6e12fb44abfc8e903c4988d0ff04a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEF04F21A09606A1EA10AB25AC5537BA361BF45762FE80235DA6E461E4DF2CE854C321
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: 831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$out of memory$statement aborts at %d: [%s] %s$string or blob too big
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: hidden$vtable constructor called recursively: %s$vtable constructor did not declare schema: %s$vtable constructor failed: %s
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 00007FFD93A8DF52
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcmp
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$3|r<$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
• Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00000000,?,00000000,?,00000000,?,?,00000000,00007FFD93AF685C,?,?,?), ref: 00007FFD93AF6030
                                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,00000000,?,00000000,?,00000000,?,?,00000000,00007FFD93AF685C,?,?,?), ref: 00007FFD93AF6177
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                                                                • String ID: %.*z:%u$column%d$rowid
                                                                                                                                                                                                                                • API String ID: 1297977491-2903559916
                                                                                                                                                                                                                                • Opcode ID: 08510bc2f91bb91ca6b150f206b5e176198501868962b9f272200c2a936f9cd2
                                                                                                                                                                                                                                • Instruction ID: ba89eac34b5706573176ca13ba85e3839a34549e67f361a4c62063ea1f77521f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 08510bc2f91bb91ca6b150f206b5e176198501868962b9f272200c2a936f9cd2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9C10422F0878289EA75DB9595643B967A8FF45B98F488235DE4D277E5DF3CE401C300
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                • API String ID: 3510742995-3764764234
                                                                                                                                                                                                                                • Opcode ID: 898f60ba5d30a691837549c26709609510d03b6403a49f9c5c703c2500f0ffd9
                                                                                                                                                                                                                                • Instruction ID: a457c1cc32c80ddcb70c904fb86e7664c6f8ba5b2f92674e3beca07193577656
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 898f60ba5d30a691837549c26709609510d03b6403a49f9c5c703c2500f0ffd9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F81E132B0879197E765CBA6D4647AE77AAFB48B84F00803ADB4E67791DF38E445C700
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                • API String ID: 0-3764764234
                                                                                                                                                                                                                                • Opcode ID: d7bbc113d95c405dff7a55cfefdeaeb98036685461038bdd9bca21eed79271cd
                                                                                                                                                                                                                                • Instruction ID: 10a0bc04114179b20b03e94453c648425a43675c78f9bd8d8f40e24fddea02ce
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7bbc113d95c405dff7a55cfefdeaeb98036685461038bdd9bca21eed79271cd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A281E122B086D15EEB308B65D1A02BE7BA8FF40B94F044136DB9977695DF3CE455C740
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000001,?,00000000,00000000,00007FFD93B09718,?,?,?,00007FFD93B09AA8), ref: 00007FFD93B095D7
                                                                                                                                                                                                                                • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000001,?,00000000,00000000,00007FFD93B09718,?,?,?,00007FFD93B09AA8), ref: 00007FFD93B095F1
                                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,00000001,?,00000000,00000000,00007FFD93B09718,?,?,?,00007FFD93B09AA8), ref: 00007FFD93B09688
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strncmp$memcpy
                                                                                                                                                                                                                                • String ID: CRE$INS
                                                                                                                                                                                                                                • API String ID: 2549481713-4116259516
                                                                                                                                                                                                                                • Opcode ID: e12567ddb0f196b07d9f5e4ba21f0b7ea7bdba06f3ad636a4e3b0586bce67617
                                                                                                                                                                                                                                • Instruction ID: 7360bb87618108ad226cede178dfef8028d1c96d385c38155b972d9423aa9839
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e12567ddb0f196b07d9f5e4ba21f0b7ea7bdba06f3ad636a4e3b0586bce67617
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A518E21B0D74281EA749B96D47027A63AABF81FD8F544235CEDD677E9DE3DE4028340
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                • API String ID: 3510742995-3764764234
                                                                                                                                                                                                                                • Opcode ID: b58e67e868266958ee63fae97e30cea9948d32f85de2d97240c8beaf73649289
                                                                                                                                                                                                                                • Instruction ID: 6e61ee7dcc7007707c47691561a32d238c704442da582f1e7d7cfc14749a9326
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b58e67e868266958ee63fae97e30cea9948d32f85de2d97240c8beaf73649289
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4512272708BD186CB20CB4AE4609AE7BA9F744B84F15413AEA8E23754DF3DD451CB20
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: $%!.15g$-$3|r<
                                                                                                                                                                                                                                • API String ID: 3510742995-617294525
                                                                                                                                                                                                                                • Opcode ID: d02df9ab0000bbca719244b57a9d91f3d0f1933245798ee1348dd601c613165e
                                                                                                                                                                                                                                • Instruction ID: 581210b175b92f55884dd945597e1ad96c8eed6763b82a38e0a8e421c35a0bc3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d02df9ab0000bbca719244b57a9d91f3d0f1933245798ee1348dd601c613165e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62410362B1C78582EB20CB6EE0617AA7BA4EB95BC4F004135EE8E27796CB3DD505C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                                • String ID: delayed %dms for lock/sharing conflict at line %d$winRead
                                                                                                                                                                                                                                • API String ID: 438689982-1843600136
                                                                                                                                                                                                                                • Opcode ID: 741b0e31e271a6a920d8f7a77574a081f4792607e0774ba0d9e6d6aca4af2089
                                                                                                                                                                                                                                • Instruction ID: 87381da3043a1c3d0ce0b84ae6d9ab66c232e7a77ed267dd33d555f1325651c5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 741b0e31e271a6a920d8f7a77574a081f4792607e0774ba0d9e6d6aca4af2089
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F412836F08A4686E630DF99E4904A9B36AFB44B89F544136DE8E637A4DF3CE542C340
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3399927928.00007FFDA3531000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDA3530000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffda3530000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: calloc$free$memcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3937003943-0
                                                                                                                                                                                                                                • Opcode ID: 9bc8d67156ad3f452768cdaea32a448c3d61317b4a210aaa2a65c8f186b35c59
                                                                                                                                                                                                                                • Instruction ID: 179096aae1ad8f9424a3a387c590fe351db585fe326f250bae88ee30d8649ad3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bc8d67156ad3f452768cdaea32a448c3d61317b4a210aaa2a65c8f186b35c59
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F431733170AF4182EB1A8B19F47036822A2FF54F90F148835DE9C1774ADF3ED4958345
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                                                                                • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                • Instruction ID: d3786464e3e0c3334d5dbf39440754ad19e0c6c7e1c1d494ccb5b90287d131a1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76119062E7DA1221FF743126DC96377A0447F58362EA40634EF7E062D6CE2CEC61C122
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF78689A613,?,?,00000000,00007FF78689A8AE,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689B41F
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF78689A613,?,?,00000000,00007FF78689A8AE,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689B43E
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF78689A613,?,?,00000000,00007FF78689A8AE,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689B466
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF78689A613,?,?,00000000,00007FF78689A8AE,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689B477
                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF78689A613,?,?,00000000,00007FF78689A8AE,?,?,?,?,?,00007FF78689A83A), ref: 00007FF78689B488
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                • Opcode ID: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                                                • Instruction ID: 4c0d77788fa23747d89523d1bcbeaa6265704e9d7ba86dfdc7cb4fcc0a1a4e7c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C116320A086026AFA68B3216D5117BE1467F447B0FF88334E87D566D6EE2CBC21D720
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                • Opcode ID: 8aa69c65082f5ed190463b1c2d732539134b8ecb86da000f77e4666776fecf75
                                                                                                                                                                                                                                • Instruction ID: a36a426d07d9f36da92833db1230d073858e7cfbd2803bcea330342786a34fb1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8aa69c65082f5ed190463b1c2d732539134b8ecb86da000f77e4666776fecf75
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C2110620A092066AFA68B3715C1517FA1867F49760FF88734D93E5A6C2FE2CBC21D321
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: verbose
                                                                                                                                                                                                                                • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                • Instruction ID: 0660798fe3960bab89680a2b0d589c6e1ad8bd9d5274ff5b9316a77fea504db3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5091CC32A08A46A5F721AF64DC50B7EB291BB45B94FE44132DA4D432C5EE3CFCA5C320
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                • Opcode ID: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                                                • Instruction ID: 4db75222d53dfbcf1cb667d084fc93df46b78851541aea7b0f042cbce59aba4e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8818132E0C242A5F76C6F25895027EB6A0BF11748FF58035DA0E97695EB2DFD21D321
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                • Opcode ID: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                                                                • Instruction ID: bd804a114ffd2138a2a590143e07f77face305f3f50390ad30ed311141d8c71b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2651A132B19602AADB54AF15E844A3AB7A1FB44F98FA44530DE4D47B48DF7CEC61CB10
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                • Opcode ID: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                                                • Instruction ID: feac780e042bdbf1c920995d476569db75c97600e2984dc9a20f3f67f8c0bf5d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5961C172908BC596E731AB15E8403AAF7A0FB84BC4F544225EB8C07B99DF7CD5A0CB10
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm$csm
                                                                                                                                                                                                                                • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                • Opcode ID: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                                                                • Instruction ID: fa07fca1383a16e3a5e807b89b117cea1d8e17d731c49545448e81e18dbada54
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D518032908382D6EB74AF21994427AB6A0FB94FD4FA48136DA5D47795CF3CEC60C711
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(00000000,?,00007FF78688352C,?,00000000,00007FF786883F23), ref: 00007FF786887F22
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateDirectory
                                                                                                                                                                                                                                • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                                • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FeaturePresentProcessor__raise_securityfailurecapture_previous_context
                                                                                                                                                                                                                                • String ID: 3|r<
                                                                                                                                                                                                                                • API String ID: 838830666-173920056
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FFD93BE1EDC), ref: 00007FFD93BE3B31
                                                                                                                                                                                                                                  • Part of subcall function 00007FFD93BE1FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFD93BE2008
                                                                                                                                                                                                                                  • Part of subcall function 00007FFD93BE1FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFD93BE2026
                                                                                                                                                                                                                                • PyErr_Format.PYTHON312 ref: 00007FFD93BE1F53
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                                • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                                • API String ID: 3882229318-4056717002
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 438689982-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: %s-shm$readonly_shm$winOpenShm
                                                                                                                                                                                                                                • API String ID: 2221118986-2815843928
                                                                                                                                                                                                                                • Opcode ID: 8d2a6488cfe544708466a8bb6c48c74f0afd239d4f67e3118775d9e63ad55e06
                                                                                                                                                                                                                                • Instruction ID: 12732eedc67d454b7041b0127e7bff38f44d9a7e51f8f8ba41bc4a375f1279a3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d2a6488cfe544708466a8bb6c48c74f0afd239d4f67e3118775d9e63ad55e06
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C2C16E21F09A4286EA74EBA9E4B467937A8FF84B59F044235CA9F67291DF3CE445C340
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,00000080,?,00000000,00007FFD93B047C2), ref: 00007FFD93B0449B
                                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,00000080,?,00000000,00007FFD93B047C2), ref: 00007FFD93B0451E
                                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,00000080,?,00000000,00007FFD93B047C2), ref: 00007FFD93B0460B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: RETURNING may not use "TABLE.*" wildcards
                                                                                                                                                                                                                                • API String ID: 3510742995-2313493979
                                                                                                                                                                                                                                • Opcode ID: 6bac7e3f1474ddabb9d0e3377e88d9ee408727fdfbaf5356aee17a161c2ff753
                                                                                                                                                                                                                                • Instruction ID: 82436cbf650bf093f7973f0dbe333a75b95c39631d576487cfc7b798ab66169a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6bac7e3f1474ddabb9d0e3377e88d9ee408727fdfbaf5356aee17a161c2ff753
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8B19D22B08B8185EB20CF55E5502BE77A4FB85BA8F458235DEAD277D9DF38E154C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                • API String ID: 2221118986-3764764234
                                                                                                                                                                                                                                • Opcode ID: ecbb86cd0e9d029091757095cef891f97430be387d8a3809b0bb42ac0724bbd6
                                                                                                                                                                                                                                • Instruction ID: c21a3667cd72b82164c5eecb15941507f7718268201f8c9748f107cd4b65852c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ecbb86cd0e9d029091757095cef891f97430be387d8a3809b0bb42ac0724bbd6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09813523B082E24AE3358B65F4605FE3A98E711799F45413AEFCA97281DA3CD986D310
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78689CFBB), ref: 00007FF78689D0EC
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF78689CFBB), ref: 00007FF78689D177
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3395970050.00007FF786880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396011085.00007FF7868AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396033229.00007FF7868BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396033229.00007FF7868C1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396065976.00007FF7868C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396065976.00007FF7868C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 953036326-0
                                                                                                                                                                                                                                • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                                                • Instruction ID: 314405e92c54fe47af876ef52776881fa842567d37adf484145b950fdbd80306
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E910E32F18A51A5F750AF659C4027EABA0BB45788FB44135DE0D53686EE3CFC62CB24
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • memcpy.VCRUNTIME140 ref: 00007FFD93B0C285
                                                                                                                                                                                                                                  • Part of subcall function 00007FFD93A786C0: memcpy.VCRUNTIME140(?,?,%s at line %d of [%.10s],00007FFD93A780C1), ref: 00007FFD93A786F1
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: AND $<expr>$rowid
                                                                                                                                                                                                                                • API String ID: 3510742995-4041574714
                                                                                                                                                                                                                                • Opcode ID: b4c2be6d6d7564caef385a3f93df3024368e737422d76fa75132c6b25b563662
                                                                                                                                                                                                                                • Instruction ID: 01ed6b8bbe868bb9cd167d18369196eabfbbcf064a70ea4a8f0e38825225533c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4c2be6d6d7564caef385a3f93df3024368e737422d76fa75132c6b25b563662
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0A1D136B086468AEB28CFA9D4A153C37A5FB55B9CF544035DA8E5B398DF3CE841C740
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396103900.00007FFD93A70000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396211118.00007FFD93B9E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396236464.00007FFD93BCB000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                 • Associated: 00000002.00000002.3396252190.00007FFD93BD0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: %s.%s$column%d$rowid
                                                                                                                                                                                                                                • API String ID: 0-1505470444
                                                                                                                                                                                                                                • Opcode ID: d1fe2ab18ba4c5494ba92163807286c015e8439aac513501ae0b7842bd63adfc
                                                                                                                                                                                                                                • Instruction ID: 0d9229e9170eb64a72add1169fa724c7dd6df566528a528556b37bb2b62f0d4b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1fe2ab18ba4c5494ba92163807286c015e8439aac513501ae0b7842bd63adfc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0791A832B08B8185EA30CB55E8643A967A8FB45BB8F144326DEAD673D5DF3CE441C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: $, $CREATE TABLE
                                                                                                                                                                                                                                • API String ID: 3510742995-3459038510
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                • API String ID: 0-3764764234
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: strncmp
                                                                                                                                                                                                                                • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                                • API String ID: 1114863663-87138338
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: , $index '%q'
                                                                                                                                                                                                                                • API String ID: 0-2319803734
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4170891091-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: out of memory$string or blob too big
                                                                                                                                                                                                                                • API String ID: 3510742995-2410398255
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: (join-%u)$(subquery-%u)
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0$database corruption
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _localtime64_s
                                                                                                                                                                                                                                • String ID: 3|r<$local time unavailable
                                                                                                                                                                                                                                • API String ID: 4067328638-127800857
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: ?
                                                                                                                                                                                                                                • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7868990B6
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9CE
                                                                                                                                                                                                                                  • Part of subcall function 00007FF78689A9B8: GetLastError.KERNEL32(?,?,?,00007FF7868A2D92,?,?,?,00007FF7868A2DCF,?,?,00000000,00007FF7868A3295,?,?,?,00007FF7868A31C7), ref: 00007FF78689A9D8
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF78688CC15), ref: 00007FF7868990D4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: C:\Users\user\Desktop\shost.exe
                                                                                                                                                                                                                                • API String ID: 3580290477-2881294525
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentDirectory
                                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                                • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                • Opcode ID: 779a21297323b81187f7e0c7d27b40be9ec8fbab2d126766b2de98969da868de
                                                                                                                                                                                                                                • Instruction ID: 3571984de55b9c68e7de0bda7693d152d0459020119988b200e799a28f81430d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 779a21297323b81187f7e0c7d27b40be9ec8fbab2d126766b2de98969da868de
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD212522A0838192EB24AB15D80422FB3B1FB84B44FE14035CB8C43684EF7CED64CB61
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                                                • Instruction ID: 33334e2d54aa868b198f9f16b0290658234dcef9eb05bcdc3ca54d99c8bf4581
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3112132618B8192EB619F15F84026AB7E5FB88B84F684231EF8D07759DF3CD961C710
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3395985980.00007FF786881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF786880000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff786880000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                                • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                                                • Instruction ID: 2eac4813aed6ac5e8bd0c3bc86fcd25e6d1e8c041b920415b1ce83ead92cfdec
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C001712291820396F720BF61986527FA2A0FF44749FE40035D94D42691EE3DE924CA25
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                                • String ID: no such name
                                                                                                                                                                                                                                • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                                • Opcode ID: ac25febba8f5bdc0c9cfa2e9817e8debf067cef10677f4d15bb58f151aba3dd9
                                                                                                                                                                                                                                • Instruction ID: 20f051094269603b35de090cc236e4c3d3c2ea2f6d9f6477a5026b85813e28cb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac25febba8f5bdc0c9cfa2e9817e8debf067cef10677f4d15bb58f151aba3dd9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7014475B1CA4281FB719BA9E8647B933A8BF9CB8CF440031DA8E66350DF2CE5048742
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _msizerealloc
                                                                                                                                                                                                                                • String ID: failed memory resize %u to %u bytes
                                                                                                                                                                                                                                • API String ID: 2713192863-2134078882
                                                                                                                                                                                                                                • Opcode ID: 92894b7a421d4a8d0f2dc1f799139c1eca998cb75613eb0b3fdb44dfe30869b9
                                                                                                                                                                                                                                • Instruction ID: b9aab1121aab79be8d67652a02d4268a69bf8add38a342d8eec676a2a12687f5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92894b7a421d4a8d0f2dc1f799139c1eca998cb75613eb0b3fdb44dfe30869b9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4CE06D21F0978181FA248B96F9A44796265AF48FCCB185534EE4E2BB69EF2CE542C700
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _PyObject_GC_New.PYTHON312(?,?,00000000,00007FFD93BE2533), ref: 00007FFD93BE25C6
                                                                                                                                                                                                                                • PyObject_GC_Track.PYTHON312(?,?,00000000,00007FFD93BE2533), ref: 00007FFD93BE25F8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396285508.00007FFD93BE1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFD93BE0000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93be0000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object_$Track
                                                                                                                                                                                                                                • String ID: 3.2.0
                                                                                                                                                                                                                                • API String ID: 16854473-1786766648
                                                                                                                                                                                                                                • Opcode ID: f91d149df4c654f8be0df0ef2da4b36c9d06b56ee9d54162962ccaca08fa2000
                                                                                                                                                                                                                                • Instruction ID: 69140cea3333abaf895be855210e886987ded63a92cd107d5cd9583d4e4830d2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f91d149df4c654f8be0df0ef2da4b36c9d06b56ee9d54162962ccaca08fa2000
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5AE0ED25B15B0695EB399B99E86406823ACEF08708B540136CD8D16310EF3CE164C3C2
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 438689982-0
                                                                                                                                                                                                                                • Opcode ID: 063867daf08dc840c18da87f71504e9cfd181ef9bf5db64338ac6d78780bbdb1
                                                                                                                                                                                                                                • Instruction ID: bd566f85adff7fde8421550ed58df23cdb488da7e3a83eb8ff754f3cc83fe86f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 063867daf08dc840c18da87f71504e9cfd181ef9bf5db64338ac6d78780bbdb1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A391D232B08A8286EB74CF96916076A77B8FB45BD4F048135EE9D57B85DF3CE4A08701
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.3396120486.00007FFD93A71000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD93A70000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffd93a70000_shost.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3510742995-0
                                                                                                                                                                                                                                • Opcode ID: 3f859ac6ac02e878cf440436bbbe9bcf4ba2bca3893d27bab73cb4c77d7d8bd1
                                                                                                                                                                                                                                • Instruction ID: 1fc1e6c37cae2ca0872ff4858d8de8edc927743d72ded656e6fe5829cf3b8c57
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f859ac6ac02e878cf440436bbbe9bcf4ba2bca3893d27bab73cb4c77d7d8bd1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D491BF32B097868AEA74DF5694A426A77E8FB44BE0F484234DE5E17BC1DF3CE4208700